Ubuntu Update For Oprofile USN-1166-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1166-1

Solution

Please Install the Updated Packages.

Insight

Stephane Chauveau discovered that OProfile did not properly perform input validation when processing arguments to opcontrol. A local user who is allowed to run opcontrol with privileges could exploit this to run arbitrary commands as the privileged user. (CVE-2011-1760, CVE-2011-2471) Stephane Chauveau discovered a directory traversal vulnerability in OProfile when processing the --save argument to opcontrol. A local user could exploit this to overwrite arbitrary files with the privileges of the user invoking the program. (CVE-2011-2472)

Affected

oprofile on Ubuntu 10.04 LTS

Severity

Classification

CVE CVE-2011-1760, CVE-2011-2471, CVE-2011-2472

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for CUPS update USN-1036-1
Ubuntu Update for exim4 USN-1135-1
Ubuntu Update for ffmpeg USN-1675-1
Ubuntu Update for cups-filters USN-2210-1
Ubuntu Update for apt-listchanges vulnerability USN-572-1

Ubuntu Update for oprofile USN-1166-1

Take action and discover your vulnerabilities