Vulnerability Description
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nrl | Opie | <= 2.4.1 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345Patch
- http://secunia.com/advisories/39966Vendor Advisory
- http://secunia.com/advisories/45136Vendor Advisory
- http://secunia.com/advisories/45448
- http://www.debian.org/security/2011/dsa-2281
- http://www.openwall.com/lists/oss-security/2011/06/22/6ExploitPatch
- http://www.openwall.com/lists/oss-security/2011/06/23/5ExploitPatch
- http://www.securityfocus.com/bid/48390
- https://bugzilla.novell.com/show_bug.cgi?id=698772ExploitPatch
- https://bugzillafiles.novell.org/attachment.cgi?id=435901Patch
- https://hermes.opensuse.org/messages/10082052
- https://hermes.opensuse.org/messages/10082068
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345Patch
- http://secunia.com/advisories/39966Vendor Advisory
- http://secunia.com/advisories/45136Vendor Advisory
FAQ
What is CVE-2011-2490?
CVE-2011-2490 is a vulnerability with a CVSS score of 7.2 (HIGH). opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already b...
How severe is CVE-2011-2490?
CVE-2011-2490 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2490?
Check the references section above for vendor advisories and patch information. Affected products include: Nrl Opie.