CVE-2011-2905 (retired)

Priority
Description
Untrusted search path vulnerability in the perf_config function in
tools/perf/util/config.c in perf, as distributed in the Linux kernel before
3.1, allows local users to overwrite arbitrary files via a crafted config
file in the current working directory.
Ubuntu-Description
Christian Ohm discovered that the perf command looks for configuration
files in the current directory. If a privileged user were tricked into
running perf in a directory containing a malicious configuration file, an
attacker could run arbitrary commands and possibly gain privileges.
Notes
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.1~rc2)
Patches:
Introduced by
0780060124011b94af55830939c86cc0916be0f5
Fixed by
aba8d056078e47350d85b06a9cabd5afcc4b72ea
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
Package
Upstream:released (3.1~rc2)
More Information

Updated: 2019-10-09 07:37:54 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)