LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: arbitrary command execution

Package(s):kernel CVE #(s):CVE-2011-2905
Created:August 18, 2011 Updated:November 28, 2011
Description: From the Red Hat bugzilla:

It was reported that perf would look for configuration files in /etc/perfconfig, ~/.perfconfig, and ./config. If ./config is not a perf configuration file, perf could fail or possibly do unexpected things. If a privileged user was tricked into running perf in a directory containing a malicious ./config file, it could possibly lead to the execution of arbitrary commands.

Alerts:
Ubuntu USN-1285-1 2011-11-29
Oracle ELSA-2011-1465 2011-11-28
Oracle ELSA-2011-2033 2011-11-28
Oracle ELSA-2011-2033 2011-11-28
Ubuntu USN-1281-1 2011-11-24
Ubuntu USN-1279-1 2011-11-24
Scientific Linux SL-kern-20111122 2011-11-22
Red Hat RHSA-2011:1465-01 2011-11-22
Ubuntu USN-1256-1 2011-11-09
Ubuntu USN-1245-1 2011-10-25
Ubuntu USN-1244-1 2011-10-25
Ubuntu USN-1243-1 2011-10-25
Ubuntu USN-1242-1 2011-10-25
Ubuntu USN-1241-1 2011-10-25
Ubuntu USN-1240-1 2011-10-25
Ubuntu USN-1239-1 2011-10-25
Ubuntu USN-1253-1 2011-11-08
Debian DSA-2303-2 2011-09-10
Debian DSA-2303-1 2011-09-08
Fedora FEDORA-2011-11103 2011-08-18
Fedora FEDORA-2011-11019 2011-08-17
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds