Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file

Josh Bressers Tue, 09 Aug 2011 12:57:18 -0700


----- Original Message -----
> This was reported by Christian Ohm at:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632923
> 
> The perf command, provided as part of the Linux kernel source, looks
> for and honors configuration settings in ./config. A local user could
> obtain elevated privileges by convincing a superuser to run the perf
> command from a directory the user controls.


Please use CVE-2011-2905.

Thanks.

-- 
    JB



-- 
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/1649708043.1926401.1312919589034.javamail.r...@zmail01.collab.prod.int.phx2.redhat.com

Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file

Reply via email to