oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

From: Josh Bressers <bressers () redhat com>
Date: Mon, 2 May 2011 15:24:30 -0400 (EDT)


----- Original Message -----

Hello Josh, Steve, vendors,

It was found that oprofile profiling system did not properly sanitize
the content of event argument, provided to oprofile profiling control
utility (opcontrol). If a local unprivileged user was authorized by
sudoers file to run the opcontrol utility, they could use the flaw
to escalate their privileges (execute arbitrary code with the
privileges
of the privileged system user, root). Different vulnerability than
CVE-2006-0576.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
[2] https://bugzilla.redhat.com/show_bug.cgi?id=700883

Could you allocate a CVE id for this?

Thank you & Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Oprofile is not encouraged to be run under sudo, but still
should not allow escalation of privileges.



I'm giving this an ID. oprofile is one of those tools that is likely to be
run as a privileged user.

Please use CVE-2011-1760

Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: