Kod paketa oprofile uočen je novi nedostatak čijim iskorištavanjem napadači mogu ostvariti povećane ovlasti na ranjivom sustavu te pokrenuti proizvoljne naredbe jezgre.
Paket:
oprofile 0.x
Operacijski sustavi:
Fedora 14, Fedora 15
Kritičnost:
7.2
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno
Posljedica:
dobivanje većih privilegija, pokretanje proizvoljnih naredbi
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-1760
Izvorni ID preporuke:
FEDORA-2011-8087
Izvor:
Fedora
Problem:
Uzrok propusta je pogreška u opcontrol skripti.
Posljedica:
Lokalni korisnik može iskoristiti propust za povećanje ovlasti i pokretanje proizvoljnih naredbi jezgre.
Rješenje:
Korisnici se upućuju na primjenu poboljšanih programskih inačica.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8087
2011-06-10 12:43:11
--------------------------------------------------------------------------------
Name : oprofile
Product : Fedora 14
Version : 0.9.6
Release : 21.fc14
URL : http://oprofile.sf.net
Summary : System wide profiler
Description :
OProfile is a profiling system for systems running Linux. The
profiling runs transparently during the background, and profile data
can be collected at any time. OProfile makes use of the hardware performance
counters provided on Intel P6, and AMD Athlon family processors, and can use
the RTC for profiling on other x86 processor types.
See the HTML documentation for further details.
--------------------------------------------------------------------------------
Update Information:
When opcontrol was run by a normal user with sudo access it was possible for
the user to craft options to opcontrol that would allow commands to be run with
root privileges.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 7 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-21
- Correct CVE-2011-1760. Resolves: rhbz #701508
* Tue Apr 5 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-20
- Re-enable xenoprof patch.
* Thu Mar 31 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-19
- Provide oprofile-static.
* Tue Mar 15 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-18
- Clean up rpmlint complaints.
* Tue Mar 15 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-17
- Correct oprofile user information.
* Thu Mar 10 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-16
- Remove obsolete configure options.
* Thu Mar 10 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-15
- Use QT4.
* Fri Feb 25 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-14
- Add processors models for Intel westmere and core i7.
* Wed Feb 9 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-12
- Eliminate illegal mutable use.
* Tue Feb 8 2011 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- 0.9.6-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Jan 6 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-10
- Corrections for i386/arch_perfmon filters.
- Make nehalem events available.
- Add AMD family 12/14/15h support.
- Add Intel westemere support.
- opcontrol numeric argument checking.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #701508 - CVE-2011-1760 oprofile: Local privilege escalation via
crafted opcontrol event parameter [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=701508
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update oprofile' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8076
2011-06-10 12:42:03
--------------------------------------------------------------------------------
Name : oprofile
Product : Fedora 15
Version : 0.9.6
Release : 21.fc15
URL : http://oprofile.sf.net
Summary : System wide profiler
Description :
OProfile is a profiling system for systems running Linux. The
profiling runs transparently during the background, and profile data
can be collected at any time. OProfile makes use of the hardware performance
counters provided on Intel P6, and AMD Athlon family processors, and can use
the RTC for profiling on other x86 processor types.
See the HTML documentation for further details.
--------------------------------------------------------------------------------
Update Information:
When opcontrol was run by a normal user with sudo access it was possible for
the user to craft options to opcontrol that would allow commands to be run with
root privileges.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 7 2011 Will Cohen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.9.6-21
- Correct CVE-2011-1760. Resolves: rhbz #701508
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #701508 - CVE-2011-1760 oprofile: Local privilege escalation via
crafted opcontrol event parameter [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=701508
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update oprofile' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke