header-logo
Suggest Exploit
vendor:
OProfile
by:
7.5
CVSS
HIGH
Privilege Escalation
269
CWE
Product Name: OProfile
Affected Version From: All versions of OProfile
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:oprofile_project:oprofile
Metasploit:
Other Scripts:
Platforms Tested: Linux

Local Privilege Escalation in OProfile

The OProfile tool is vulnerable to a local privilege escalation vulnerability. An attacker can exploit this vulnerability to execute arbitrary commands with superuser privileges. By using a specially crafted command, an attacker can run arbitrary commands with elevated privileges.

Mitigation:

It is recommended to update to the latest version of OProfile to mitigate this vulnerability. Additionally, users should ensure that proper access controls are in place to restrict unauthorized access to the affected system.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47652/info

OProfile is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary commands with superuser privileges. 

The following example command is available:

sudo opcontrol -e "abcd;/usr/bin/id"