Vigil@nce - Linux kernel: privilege elevation via perf
August 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can invite the administrator to execute the perf
command provided with the Linux kernel, in a directory where he
stored a malicious configuration file, in order to elevate his
privileges.
Severity: 1/4
Creation date: 18/08/2011
IMPACTED PRODUCTS
- Fedora
- Linux kernel
DESCRIPTION OF THE VULNERABILITY
The source code of the Linux kernel is provided with the perf
tool, which can be used to analyze performances of the system.
The perf tool reads a file configuration which can contain the
following directives:
– color.ui : customized color
– man.viewer : program to display help
– pager.* : program to display page per page
– etc.
This configuration file can be located at several places:
– /etc/perfconfig
– $HOME/.perfconfig
– ./config
The perf command thus accepts "config" files located in the
current directory.
A local attacker can therefore invite the administrator to execute
the perf command provided with the Linux kernel, in a directory
where he stored a malicious configuration file, in order to
elevate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-privilege-elevation-via-perf-10932