Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-2473

Опубликовано: 09 июн. 2011
Источник: nvd
CVSS2: 6.3
EPSS Низкий

Описание

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:maynard_johnson:oprofile:*:*:*:*:*:*:*:*
Версия до 0.9.6 (включая)
cpe:2.3:a:maynard_johnson:oprofile:0.1:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.2:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.3:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.4:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.5:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.6:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.7:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.8:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.9:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:maynard_johnson:oprofile:0.9.5:*:*:*:*:*:*:*

EPSS

Процентиль: 10%
0.00035
Низкий

6.3 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

ubuntu логотип

CVE-2011-2473

ubuntu
больше 14 лет назад

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.

redhat логотип

CVE-2011-2473

redhat
больше 14 лет назад

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.

debian логотип

CVE-2011-2473

debian
больше 14 лет назад

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and ear ...

github логотип

GHSA-m545-63mf-qh6w

github
больше 3 лет назад

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.

EPSS

Процентиль: 10%
0.00035
Низкий

6.3 Medium

CVSS2

Дефекты

CWE-59