Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file

To: oss-security@lists.openwall.com
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>, Christian Ohm <chr.ohm@gmx.net>, Paul Mackerras <paulus@samba.org>, Ingo Molnar <mingo@elte.hu>, Arnaldo Carvalho de Melo <acme@ghostprotocols.net>, 632923@bugs.debian.org, coley <coley@mitre.org>
Subject: Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file
From: Josh Bressers <bressers@redhat.com>
Date: Tue, 9 Aug 2011 15:53:09 -0400 (EDT)
Message-id: <[🔎] 1649708043.1926401.1312919589034.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Reply-to: Josh Bressers <bressers@redhat.com>, 632923@bugs.debian.org
In-reply-to: <[🔎] 20110807173438.GA14534@dannf.org>


----- Original Message -----
> This was reported by Christian Ohm at:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632923
> 
> The perf command, provided as part of the Linux kernel source, looks
> for and honors configuration settings in ./config. A local user could
> obtain elevated privileges by convincing a superuser to run the perf
> command from a directory the user controls.

Please use CVE-2011-2905.

Thanks.

-- 
    JB

Reply to:

References:
- Bug#632923: CVE request: perf: may parse user-controlled config file
  - From: dann frazier <dannf@debian.org>

Prev by Date: Bug#637234: linux-image-3.0.0-1-686-pae: I/O errors using ext4 under xen
Next by Date: Bug#637240: linux-image-3.0.0-1-686-pae: Several problems after updating to kernel 3.0
Previous by thread: Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file
Next by thread: Bug#573211: linux-image-2.6.26-2-sparc64 - Kernel panic - not syncing: Aiee
Index(es):
- Date
- Thread