Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: perf: may parse user-controlled config file
From: Steve Grubb <sgrubb () redhat com>
Date: Tue, 9 Aug 2011 09:18:07 -0400

On Sunday, August 07, 2011 01:34:38 PM dann frazier wrote:
This was reported by Christian Ohm at:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632923

The perf command, provided as part of the Linux kernel source, looks
for and honors configuration settings in ./config. A local user could
obtain elevated privileges by convincing a superuser to run the perf
command from a directory the user controls.

And in recent kernels has an executable stack:
https://bugzilla.redhat.com/show_bug.cgi?id=704296

-Steve


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault