CVE-2006-0576

Name of the Vulnerable Software and Affected Versions OProfile versions 0.9.1 and earlier

Description The issue allows local users to execute arbitrary commands via a modified PATH that references malicious which or dirname programs. This can be particularly problematic in configurations where opcontrol is accessed using sudo, potentially elevating the privileges of the executed commands.

Recommendations For OProfile versions 0.9.1 and earlier, consider restricting access to opcontrol to minimize the risk of exploitation, especially in configurations where sudo is used to access opcontrol. At the moment, there is no information about a newer version that contains a fix for this vulnerability.