CVE-2011-2905

Priority
Description
Untrusted search path vulnerability in the perf_config function in
tools/perf/util/config.c in perf, as distributed in the Linux kernel before
3.1, allows local users to overwrite arbitrary files via a crafted config
file in the current working directory.
Ubuntu-Description
Christian Ohm discovered that the perf command looks for configuration
files in the current directory. If a privileged user were tricked into
running perf in a directory containing a malicious configuration file, an
attacker could run arbitrary commands and possibly gain privileges.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.1~rc2)
Patches:
Introduced by 0780060124011b94af55830939c86cc0916be0f5Fixed by aba8d056078e47350d85b06a9cabd5afcc4b72ea
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
More Information

Updated: 2018-10-31 21:00:46 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)