CVE-2011-1760
OProfile < 0.9.6 - Local Privilege Escalation via Eval Injection in opcontrol
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-1760. PoCs published by Stephane Chauveau.
AI-analyzed exploit summary This exploit leverages a command injection vulnerability in OProfile's opcontrol utility. By passing a malformed event specification, an attacker can execute arbitrary commands with superuser privileges if sudo is configured to allow opcontrol execution.
Description
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.
Exploits (1)
This exploit leverages a command injection vulnerability in OProfile's opcontrol utility. By passing a malformed event specification, an attacker can execute arbitrary commands with superuser privileges if sudo is configured to allow opcontrol execution.