CVE-2011-2905
Publication date 6 October 2011
Last updated 24 July 2024
Ubuntu priority
Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory.
From the Ubuntu Security Team
Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | ||
| linux-ec2 | ||
| linux-fsl-imx51 | ||
| linux-lts-backport-maverick | ||
| linux-lts-backport-natty | ||
| linux-lts-backport-oneiric | ||
| linux-mvl-dove | ||
| linux-ti-omap4 | ||
References
Related Ubuntu Security Notices (USN)
- USN-1241-1
- Linux kernel (i.MX51) vulnerabilities
- 25 October 2011
- USN-1243-1
- Linux kernel vulnerabilities
- 25 October 2011
- USN-1253-1
- Linux kernel vulnerabilities
- 8 November 2011
- USN-1239-1
- Linux kernel (EC2) vulnerabilities
- 25 October 2011
- USN-1281-1
- Linux (OMAP4) vulnerabilities
- 24 November 2011
- USN-1285-1
- Linux kernel vulnerabilities
- 29 November 2011
- USN-1279-1
- Linux (Natty backport) vulnerabilities
- 24 November 2011
- USN-1244-1
- Linux kernel (OMAP4) vulnerabilities
- 25 October 2011
- USN-1240-1
- Linux kernel (Marvell DOVE) vulnerabilities
- 25 October 2011
- USN-1245-1
- Linux kernel (Marvell DOVE) vulnerabilities
- 25 October 2011
- USN-1242-1
- Linux kernel (Maverick backport) vulnerabilities
- 25 October 2011