Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file

To: oss-security@lists.openwall.com
Cc: dann frazier <dannf@debian.org>, Peter Zijlstra <a.p.zijlstra@chello.nl>, Christian Ohm <chr.ohm@gmx.net>, Paul Mackerras <paulus@samba.org>, Ingo Molnar <mingo@elte.hu>, Arnaldo Carvalho de Melo <acme@ghostprotocols.net>, 632923@bugs.debian.org
Subject: Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 9 Aug 2011 09:18:07 -0400
Message-id: <[🔎] 201108090918.08245.sgrubb@redhat.com>
Reply-to: Steve Grubb <sgrubb@redhat.com>, 632923@bugs.debian.org
In-reply-to: <[🔎] 20110807173438.GA14534@dannf.org>
References: <[🔎] 20110807173438.GA14534@dannf.org>

On Sunday, August 07, 2011 01:34:38 PM dann frazier wrote:
> This was reported by Christian Ohm at:
>   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632923
> 
> The perf command, provided as part of the Linux kernel source, looks
> for and honors configuration settings in ./config. A local user could
> obtain elevated privileges by convincing a superuser to run the perf
> command from a directory the user controls.

And in recent kernels has an executable stack:
https://bugzilla.redhat.com/show_bug.cgi?id=704296

-Steve

Reply to:

References:
- Bug#632923: CVE request: perf: may parse user-controlled config file
  - From: dann frazier <dannf@debian.org>

Prev by Date: Bug#637190: linux-image-2.6.32-5-amd64: Random kernel panics & general protection faults
Next by Date: Bug#573144: linux-image-2.6-686: kernel freezes related to i915 handle error
Previous by thread: Bug#632923: CVE request: perf: may parse user-controlled config file
Next by thread: Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file
Index(es):
- Date
- Thread