Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2473 to the following vulnerability: Name: CVE-2011-2473 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2473 Assigned: 20110609 Reference: URL:http://openwall.com/lists/oss-security/2011/05/03/1 Reference: URL:http://openwall.com/lists/oss-security/2011/05/10/6 Reference: URL:http://openwall.com/lists/oss-security/2011/05/10/7 Reference: URL:http://openwall.com/lists/oss-security/2011/05/11/1 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212 Reference: DEBIAN:DSA-2254 Reference: URL:http://www.debian.org/security/2011/dsa-2254 The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.
The fix that was committed upstream is: http://oprofile.git.sourceforge.net/git/gitweb.cgi?p=oprofile/oprofile;a=commitdiff;h=718de99bbea1e912cea175522fb1b86c72db8de9 It should be noted that this fix does not completely address this issue. There's still a race condition, which may allow attacker to replace pipe file with a symlink after the opd_pipe type was checked.
Statement: Red Hat currently does not plan to address this issue. For details refer to: https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18