← Back

CVE-2006-0576

nvd nist
Published: Feb 8, 2006Modified: Apr 16, 2026

JSON object

Loading...
7.2
Vector
AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 3.9 / Impact: 10.0
Source: NVD

Description

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.

Affected (18)

Maynard Johnson
1 product
Oprofile
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
Maynard Johnson
Oprofile
Up to 0.9.1
Oprofile
Version 0.1
Oprofile
Version 0.2
Oprofile
Version 0.3
Oprofile
Version 0.4
Oprofile
Version 0.5.1
Oprofile
Version 0.5.2
Oprofile
Version 0.5.3
Oprofile
Version 0.5.4
Oprofile
Version 0.5
Oprofile
Version 0.6.1
Oprofile
Version 0.6
Oprofile
Version 0.7.1
Oprofile
Version 0.7
Oprofile
Version 0.8.1
Oprofile
Version 0.8.2
Oprofile
Version 0.8
Oprofile
Version 0.9

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.