Debian Security Advisory 2254-2
https://packetstormsecurity.com/files/103106/dsa-2254-2.txt
https://packetstormsecurity.com/files/103106/dsa-2254-2.txthttps://packetstormsecurity.com/files/103106/Debian-Security-Advisory-2254-2.htmlSat, 16 Jul 2011 15:31:09 GMTDebian Linux Security Advisory 2254-2 - Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile has been incomplete. OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.