OProfile 0.9.6 – ‘opcontrol’ Utility ‘set_event()’ Local Privilege Escalation

Exploit Database
28 阅读

作者： Stephane Chauveau

日期： 2011-04-29
类别：
- local
平台：
- linux
来源：https://www.exploit-db.com/exploits/35681/

source: https://www.securityfocus.com/bid/47652/info

OProfile is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary commands with superuser privileges. 

The following example command is available:

sudo opcontrol -e "abcd;/usr/bin/id"

last Exploits
OProfile 0.9.6 – ‘opcontrol’ Utility ‘set_event()’ Local Privilege Escalation的更多信息

Microsoft Windows – Windows Error Reporting Local Privilege Escalation：
Linux Kernel – VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation：
CrowdStrike Falcon AGENT 6.44.15806 – Uninstall without Installation Token：
ptrace – Sudo Token Privilege Escalation (Metasploit)：
ExifTool 12.23 – Arbitrary Code Execution：
Foxit Reader 4.1.1 – Local Stack Buffer Overflow：
Easy DVD Creater 2.5.11 – Local Buffer Overflow (SEH)：
Microsoft HTML Help Workshop 4.74 – ‘.hhp’ Index Buffer Overflow (Metasploit) (3)：