Bug 372913 (CVE-2011-2471) - <dev-util/oprofile-0.9.6-r1: multiple vulnerabilities (CVE-2011-{2471,2472,2473})
Status: RESOLVED DUPLICATE of bug 366699
Alias: CVE-2011-2471
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Reported: 2011-06-24 21:31 UTC by GLSAMaker/CVETool Bot
Modified: 2011-07-03 16:16 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 21:31:46 UTC
CVE-2011-2473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473):
  The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier
  might allow local users to create or overwrite arbitrary files via a crafted
  --session-dir argument in conjunction with a symlink attack on the opd_pipe
  file, a different vulnerability than CVE-2011-1760.

CVE-2011-2472 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472):
  Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and
  earlier might allow local users to overwrite arbitrary files via a .. (dot
  dot) in the --save argument, related to the --session-dir argument, a
  different vulnerability than CVE-2011-1760.

CVE-2011-2471 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471):
  utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to
  gain privileges via shell metacharacters in the (1) --vmlinux, (2)
  --session-dir, or (3) --xen argument, related to the daemonrc file and the
  do_save_setup and do_load_setup functions, a different vulnerability than
  CVE-2011-1760.
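
All three CVEs above involve user-supplied opcontrol arguments that end up in file paths or in a settings file that is read back later. The following is an added example, not code from this bug, from OProfile, or from the Gentoo patch: a sketch of the kind of checks a shell script can apply to such arguments. The function names and the KEY=VALUE file layout are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from utils/opcontrol or its patch.

# A --save style session name must be a single path component:
# not empty, not '.' or '..', and no '/' anywhere.
valid_session_name() {
    case "$1" in
        ''|.|..|*/*) return 1 ;;
    esac
    return 0
}

# A path argument (--vmlinux, --session-dir, --xen style) must be absolute,
# contain no '..' component, and use only a conservative allow-list of
# characters, which excludes spaces, quotes, ';', '$', '`', '|' and newlines.
valid_path_arg() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9_./+-]*) return 1 ;;
        */../*|*/..) return 1 ;;
    esac
    return 0
}

# Read one KEY=VALUE setting back as plain data. The file is never sourced
# or passed to eval, so a stored value cannot execute as shell code.
load_setting() {   # usage: load_setting FILE KEY
    while IFS='=' read -r key value; do
        if [ "$key" = "$2" ]; then
            printf '%s\n' "$value"
            return 0
        fi
    done < "$1"
    return 1
}
```

Character and component checks like these do not address the symlink element of CVE-2011-2473, which concerns where the file is created rather than how the argument is spelled.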
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2011-06-27 11:01:42 UTC
I think all these issues are covered by patches that were applied due to bug 366699. Maybe it's sane to resolve this bug as a duplicate and add information there...
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-07-03 16:16:22 UTC
(In reply to comment #1)
> I think all these issues are covered by patches that were applied due to bug
> 366699. Maybe it's sane to resolve this bug as a duplicate and add information
> there...

These issues appear to be fixed by oprofile-0.9.6-Do-additional-checks-on-user-supplied-arguments.patch. Peter, please correct me if I am wrong.

*** This bug has been marked as a duplicate of bug 366699 ***