CVE-2011-2905

Priority
Medium
Description
Untrusted search path vulnerability in the perf_config function in
tools/perf/util/config.c in perf, as distributed in the Linux kernel before
3.1, allows local users to overwrite arbitrary files via a crafted config
file in the current working directory.
Ubuntu-Description
Christian Ohm discovered that the perf command looks for configuration
files in the current directory. If a privileged user were tricked into
running perf in a directory containing a malicious configuration file, an
attacker could run arbitrary commands and possibly gain privileges.
References
Bugs
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.1~rc2)
Patches:
Introduced by 0780060124011b94af55830939c86cc0916be0f5Fixed by aba8d056078e47350d85b06a9cabd5afcc4b72ea
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
More Information

Updated: 2017-08-11 23:48:07 UTC (commit 13081)