Test ID:	1.3.6.1.4.1.25623.1.0.840701
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1166-1)
Summary:	The remote host is missing an update for the 'oprofile' package(s) announced via the USN-1166-1 advisory.
Description:	Summary: The remote host is missing an update for the 'oprofile' package(s) announced via the USN-1166-1 advisory. Vulnerability Insight: Stephane Chauveau discovered that OProfile did not properly perform input validation when processing arguments to opcontrol. A local user who is allowed to run opcontrol with privileges could exploit this to run arbitrary commands as the privileged user. (CVE-2011-1760, CVE-2011-2471) Stephane Chauveau discovered a directory traversal vulnerability in OProfile when processing the --save argument to opcontrol. A local user could exploit this to overwrite arbitrary files with the privileges of the user invoking the program. (CVE-2011-2472) Affected Software/OS: 'oprofile' package(s) on Ubuntu 10.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1760 44790 http://secunia.com/advisories/44790 45205 http://secunia.com/advisories/45205 47652 http://www.securityfocus.com/bid/47652 DSA-2254 http://www.debian.org/security/2011/dsa-2254 USN-1166-1 http://www.ubuntu.com/usn/USN-1166-1 [oss-security] 20110429 CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo http://openwall.com/lists/oss-security/2011/04/29/3 [oss-security] 20110430 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo http://openwall.com/lists/oss-security/2011/05/01/1 http://openwall.com/lists/oss-security/2011/05/01/2 [oss-security] 20110502 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo http://openwall.com/lists/oss-security/2011/05/02/17 [oss-security] 20110503 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo http://openwall.com/lists/oss-security/2011/05/03/2 [oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo http://openwall.com/lists/oss-security/2011/05/10/6 http://openwall.com/lists/oss-security/2011/05/10/7 [oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo http://openwall.com/lists/oss-security/2011/05/11/1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212 https://bugzilla.redhat.com/show_bug.cgi?id=700883 Common Vulnerability Exposure (CVE) ID: CVE-2011-2471 Debian Security Information: DSA-2254 (Google Search) http://openwall.com/lists/oss-security/2011/05/03/1 XForce ISS Database: oprofile-opcontrol-priv-escalation(67980) https://exchange.xforce.ibmcloud.com/vulnerabilities/67980 Common Vulnerability Exposure (CVE) ID: CVE-2011-2472 XForce ISS Database: oprofile-opcontrol-dir-traversal(67979) https://exchange.xforce.ibmcloud.com/vulnerabilities/67979
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.