Bug#632923: CVE request: perf: may parse user-controlled config file

To: oss-security@lists.openwall.com
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>, Christian Ohm <chr.ohm@gmx.net>, Paul Mackerras <paulus@samba.org>, Ingo Molnar <mingo@elte.hu>, Arnaldo Carvalho de Melo <acme@ghostprotocols.net>, 632923@bugs.debian.org
Subject: Bug#632923: CVE request: perf: may parse user-controlled config file
From: dann frazier <dannf@debian.org>
Date: Sun, 7 Aug 2011 11:34:38 -0600
Message-id: <[🔎] 20110807173438.GA14534@dannf.org>
Reply-to: dann frazier <dannf@debian.org>, 632923@bugs.debian.org

This was reported by Christian Ohm at:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632923

The perf command, provided as part of the Linux kernel source, looks
for and honors configuration settings in ./config. A local user could
obtain elevated privileges by convincing a superuser to run the perf
command from a directory the user controls.

Reply to:

Follow-Ups:
- Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file
  - From: Steve Grubb <sgrubb@redhat.com>
- Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file
  - From: Josh Bressers <bressers@redhat.com>

Prev by Date: Bug#637155: tg3: Net driver tg3 errors with bridging and vlan
Next by Date: Bug#573211: linux-image-2.6.26-2-sparc64 - Kernel panic - not syncing: Aiee
Previous by thread: Bug#637155: tg3: Net driver tg3 errors with bridging and vlan
Next by thread: Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file
Index(es):
- Date
- Thread