CVE-2011-2473

Name of the Vulnerable Software and Affected Versions OProfile versions 0.9.6 and earlier

Description The issue is related to the do dump data function in utils/opcontrol, which might allow local users to create or overwrite arbitrary files. This can be achieved via a crafted --session-dir argument in conjunction with a symlink attack on the opd pipe file.

Recommendations For OProfile versions 0.9.6 and earlier, consider restricting access to the do dump data function in utils/opcontrol until a patch is available. As a temporary workaround, avoid using the --session-dir argument with potentially crafted input to minimize the risk of exploitation.