CVE Vulnerabilities

CVE-2006-0576

Published: Feb 08, 2006 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.

Affected Software

Name Vendor Start Version End Version
Oprofile Maynard_johnson 0.6.1 0.6.1
Oprofile Maynard_johnson 0.5.2 0.5.2
Oprofile Maynard_johnson 0.7 0.7
Oprofile Maynard_johnson 0.5.3 0.5.3
Oprofile Maynard_johnson 0.4 0.4
Oprofile Maynard_johnson 0.9 0.9
Oprofile Maynard_johnson * 0.9.1
Oprofile Maynard_johnson 0.8.1 0.8.1
Oprofile Maynard_johnson 0.8 0.8
Oprofile Maynard_johnson 0.5 0.5
Oprofile Maynard_johnson 0.1 0.1
Oprofile Maynard_johnson 0.2 0.2
Oprofile Maynard_johnson 0.5.4 0.5.4
Oprofile Maynard_johnson 0.7.1 0.7.1
Oprofile Maynard_johnson 0.5.1 0.5.1
Oprofile Maynard_johnson 0.3 0.3
Oprofile Maynard_johnson 0.6 0.6
Oprofile Maynard_johnson 0.8.2 0.8.2

References