This host is installed OProfile and is prone to multiple vulnerabilities.

Successful exploitation will allow local users to run arbitrary commands with super-user privileges. Impact Level: Application.

Apply the patchs from below links https://bugzilla.redhat.com/attachment.cgi?id=499232 https://bugzilla.redhat.com/attachment.cgi?id=499233 https://bugzilla.redhat.com/attachment.cgi?id=499234 https://bugzilla.redhat.com/attachment.cgi?id=499235 ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

The flaws are due to an error, - while handling content of event argument, provided to oprofile profiling control utility (opcontrol). - while handling 'do_dump_data' function, allows local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file. - in 'utils/opcontrol', allow local users to conduct eval injection attacks and gain privileges via shell meta characters in the several arguments.

OProfile version 0.9.6 and prior.

• http://openwall.com/lists/oss-security/2011/05/03/1
• http://openwall.com/lists/oss-security/2011/05/10/7
• https://bugzilla.redhat.com/show_bug.cgi?id=700883

---

Updated on 2017-03-28