CVE-2011-2471

Name of the Vulnerable Software and Affected Versions OProfile versions 0.9.6 and earlier

Description The issue allows local users to potentially gain privileges through shell metacharacters in certain arguments, including the --vmlinux, --session-dir, and --xen arguments. This is related to the daemonrc file and the do save setup and do load setup functions.

Recommendations For OProfile versions 0.9.6 and earlier, consider restricting access to the utils/opcontrol utility until a fix is available. As a temporary workaround, avoid using shell metacharacters in the --vmlinux, --session-dir, and --xen arguments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.