
Test ID: 1.3.6.1.4.1.25623.1.0.69986
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-2254-2)
Summary: The remote host is missing an update for the Debian 'oprofile' package(s) announced via the DSA-2254-2 advisory.
Description:

Vulnerability Insight:
OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by the sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.

For the oldstable distribution (lenny), this problem has been fixed in version 0.9.3-2+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 0.9.6-1.1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 0.9.6-1.2.

For the unstable distribution (sid), this problem has been fixed in version 0.9.6-1.2.

We recommend that you upgrade your oprofile packages.

Affected Software/OS:
'oprofile' package(s) on Debian 5, Debian 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1760
44790
http://secunia.com/advisories/44790
45205
http://secunia.com/advisories/45205
47652
http://www.securityfocus.com/bid/47652
DSA-2254
http://www.debian.org/security/2011/dsa-2254
USN-1166-1
http://www.ubuntu.com/usn/USN-1166-1
[oss-security] 20110429 CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo
http://openwall.com/lists/oss-security/2011/04/29/3
[oss-security] 20110430 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo
http://openwall.com/lists/oss-security/2011/05/01/1
http://openwall.com/lists/oss-security/2011/05/01/2
[oss-security] 20110502 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo
http://openwall.com/lists/oss-security/2011/05/02/17
[oss-security] 20110503 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo
http://openwall.com/lists/oss-security/2011/05/03/2
[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo
http://openwall.com/lists/oss-security/2011/05/10/6
http://openwall.com/lists/oss-security/2011/05/10/7
[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo
http://openwall.com/lists/oss-security/2011/05/11/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212
https://bugzilla.redhat.com/show_bug.cgi?id=700883
Copyright: Copyright (C) 2011 Greenbone AG
