Vulnerabilities > Maynard Johnson

DATE CVE VULNERABILITY TITLE RISK
2011-06-09 CVE-2011-2473 Link Following vulnerability in Maynard Johnson Oprofile
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.
6.3
2011-06-09 CVE-2011-2472 Path Traversal vulnerability in Maynard Johnson Oprofile
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a ..
6.3
2011-06-09 CVE-2011-2471 Permissions, Privileges, and Access Controls vulnerability in Maynard Johnson Oprofile
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.
local
low complexity
maynard-johnson CWE-264
7.2
2011-06-09 CVE-2011-1760 Code Injection vulnerability in Maynard Johnson Oprofile
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.
local
low complexity
maynard-johnson CWE-94
7.2
2006-02-08 CVE-2006-0576 Local Privilege Escalation vulnerability in OProfile OPControl Path Specification
Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs.
local
low complexity
maynard-johnson
7.2