Executive Summary



This alert is flagged as belonging to the CWE/SANS Top 25 Common Weakness Enumeration list.
Summary
Title: oprofile security update

Information
Name: DSA-2254
First vendor publication: 2011-06-03
Vendor: Debian
Last vendor modification: 2011-07-11
Severity (vendor): N/A
Revision: 2

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 7.2
Attack range: Local
CVSS impact score: 10
Attack complexity: Low
CVSS exploit score: 3.9
Authentication: None required

Detail

Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile was incomplete.

For reference, the description of the original DSA is:

OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by the sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.

For the oldstable distribution (lenny), this problem has been fixed in version 0.9.3-2+lenny2.

For the stable distribution (squeeze), this problem has been fixed in version 0.9.6-1.1+squeeze2.

For the testing distribution (wheezy), this problem has been fixed in version 0.9.6-1.4.

For the unstable distribution (sid), this problem has been fixed in version 0.9.6-1.4.

We recommend that you upgrade your oprofile packages.

Original Source

Url : http://www.debian.org/security/2011/dsa-2254

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-264 Permissions, Privileges, and Access Controls
25 % CWE-94 Failure to Control Generation of Code ('Code Injection')
25 % CWE-59 Improper Link Resolution Before File Access ('Link Following')
25 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:12839
Title: DSA-2254-2 oprofile -- command injection
Description: Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile was incomplete. For reference, the description of the original DSA is: OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorised by the sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.
Family: unix
Class: patch
Reference(s): DSA-2254-2, CVE-2011-1760
Version: 5
Platform(s): Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product(s): oprofile

Oval ID: oval:org.mitre.oval:def:13066
Title: DSA-2254-1 oprofile -- command injection
Description: OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorised by the sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.
Family: unix
Class: patch
Reference(s): DSA-2254-1, CVE-2011-1760
Version: 5
Platform(s): Debian GNU/Linux 5.0, Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product(s): oprofile

Oval ID: oval:org.mitre.oval:def:14110
Title: USN-1166-1 -- oprofile vulnerabilities
Description: oprofile: System-wide profiler for Linux systems. OProfile could be made to run programs as an administrator.
Family: unix
Class: patch
Reference(s): USN-1166-1, CVE-2011-1760, CVE-2011-2471, CVE-2011-2472
Version: 5
Platform(s): Ubuntu 10.04
Product(s): oprofile

CPE : Common Platform Enumeration

Type: Application
Count: 22

OpenVAS Exploits

Date Description
2011-08-03 Name : Debian Security Advisory DSA 2254-1 (oprofile)
File : nvt/deb_2254_1.nasl
2011-08-03 Name : Debian Security Advisory DSA 2254-2 (oprofile)
File : nvt/deb_2254_2.nasl
2011-07-27 Name : Fedora Update for oprofile FEDORA-2011-8076
File : nvt/gb_fedora_2011_8076_oprofile_fc15.nasl
2011-07-27 Name : Fedora Update for oprofile FEDORA-2011-8087
File : nvt/gb_fedora_2011_8087_oprofile_fc14.nasl
2011-07-18 Name : Ubuntu Update for oprofile USN-1166-1
File : nvt/gb_ubuntu_USN_1166_1.nasl
2011-06-20 Name : OProfile Multiple Vulnerabilities
File : nvt/gb_oprofile_mult_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
73719 OProfile utils/opcontrol do_dump_data Function --session-dir Argument opd_pip...

73717 OProfile utils/opcontrol --save Argument Traversal Arbitrary File Overwrite

73716 OProfile utils/opcontrol daemonrc Multiple Argument Shell Metacharacter Local...

72792 OProfile utils/opcontrol Shell Metacharacter Eval Injection Local Privilege E...

Nessus® Vulnerability Scanner

Date Description
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-09.nasl - Type : ACT_GATHER_INFO
2011-07-26 Name : The remote Fedora host is missing a security update.
File : fedora_2011-8076.nasl - Type : ACT_GATHER_INFO
2011-07-26 Name : The remote Fedora host is missing a security update.
File : fedora_2011-8087.nasl - Type : ACT_GATHER_INFO
2011-07-12 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1166-1.nasl - Type : ACT_GATHER_INFO
2011-06-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2254.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:30:14 Multiple Updates