Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2490

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2011-2490
Last Modified 06 Sep 2011 11:17:30
Published 26 Jul 2011 10:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2490

Summary

opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.

Vulnerable Systems

Application

  • Nrl Opie 2.10

  • Nrl Opie 2.11

  • Nrl Opie 2.2

  • Nrl Opie 2.21

  • Nrl Opie 2.22

  • Nrl Opie 2.3

  • Nrl Opie 2.32

  • Nrl Opie 2.4

  • Nrl Opie 2.4.1


References

CONFIRM - https://bugzillafiles.novell.org/attachment.cgi?id=435901

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=698772

MLIST - [oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure

MLIST - [oss-security] 20110622 CVE requests: opie off by one and setuid() failure

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345

SUSE - SUSE-SU-2011:0849

SUSE - openSUSE-SU-2011:0848

BID - 48390

DEBIAN - DSA-2281

SECUNIA - 45448

SECUNIA - 45136

SECUNIA - 39966

Related Patches

Novell SUSE 2011:7594 opie security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:57:02