Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2489

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2011-2489
Last Modified 06 Sep 2011 11:17:30
Published 26 Jul 2011 10:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2489

Summary

Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.

Vulnerable Systems

Application

  • Nrl Opie 2.10

  • Nrl Opie 2.11

  • Nrl Opie 2.2

  • Nrl Opie 2.21

  • Nrl Opie 2.22

  • Nrl Opie 2.3

  • Nrl Opie 2.32

  • Nrl Opie 2.4

  • Nrl Opie 2.4.1


References

CONFIRM - https://bugzillafiles.novell.org/attachment.cgi?id=435902

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=698772

MLIST - [oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure

MLIST - [oss-security] 20110622 CVE requests: opie off by one and setuid() failure

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344

SUSE - SUSE-SU-2011:0849

SUSE - openSUSE-SU-2011:0848

BID - 48390

DEBIAN - DSA-2281

SECUNIA - 45448

SECUNIA - 45136

Related Patches

Novell SUSE 2011:7594 opie security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:57:02