Vulnerability Details CVE-2011-2490
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.0%
CVSS Severity
CVSS v2 Score 7.2
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345
- http://secunia.com/advisories/39966
- http://secunia.com/advisories/45136
- http://secunia.com/advisories/45448
- http://www.debian.org/security/2011/dsa-2281
- http://www.openwall.com/lists/oss-security/2011/06/22/6
- http://www.openwall.com/lists/oss-security/2011/06/23/5
- http://www.securityfocus.com/bid/48390
- https://bugzilla.novell.com/show_bug.cgi?id=698772
- https://bugzillafiles.novell.org/attachment.cgi?id=435901
- https://hermes.opensuse.org/messages/10082052
- https://hermes.opensuse.org/messages/10082068
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345
- http://secunia.com/advisories/39966
- http://secunia.com/advisories/45136
- http://secunia.com/advisories/45448
- http://www.debian.org/security/2011/dsa-2281
- http://www.openwall.com/lists/oss-security/2011/06/22/6
- http://www.openwall.com/lists/oss-security/2011/06/23/5
- http://www.securityfocus.com/bid/48390
- https://bugzilla.novell.com/show_bug.cgi?id=698772
- https://bugzillafiles.novell.org/attachment.cgi?id=435901
- https://hermes.opensuse.org/messages/10082052
- https://hermes.opensuse.org/messages/10082068
Products affected by CVE-2011-2490
-
cpe:2.3:a:nrl:opie:*
-
cpe:2.3:a:nrl:opie:2.10
-
cpe:2.3:a:nrl:opie:2.11
-
cpe:2.3:a:nrl:opie:2.2
-
cpe:2.3:a:nrl:opie:2.21
-
cpe:2.3:a:nrl:opie:2.22
-
cpe:2.3:a:nrl:opie:2.3
-
cpe:2.3:a:nrl:opie:2.32
-
cpe:2.3:a:nrl:opie:2.4