oss-sec mailing list archives

CVE request: perf: may parse user-controlled config file

From: dann frazier <dannf () debian org>
Date: Sun, 7 Aug 2011 11:34:38 -0600

This was reported by Christian Ohm at:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632923

The perf command, provided as part of the Linux kernel source, looks
for and honors configuration settings in ./config. A local user could
obtain elevated privileges by convincing a superuser to run the perf
command from a directory the user controls.

Current thread:

CVE request: perf: may parse user-controlled config file dann frazier (Aug 09)
- Re: CVE request: perf: may parse user-controlled config file Steve Grubb (Aug 09)
  - Re: CVE request: perf: may parse user-controlled config file Yves-Alexis Perez (Aug 09)
    - Re: CVE request: perf: may parse user-controlled config file Steve Grubb (Aug 10)
  - Re: CVE request: perf: may parse user-controlled config file dann frazier (Aug 11)
- Re: CVE request: perf: may parse user-controlled config file Josh Bressers (Aug 09)