CVE-2011-2490

Published: Jul 27, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure

mailing-list

x_refsource_MLIST

[oss-security] 20110622 CVE requests: opie off by one and setuid() failure

mailing-list

x_refsource_MLIST

openSUSE-SU-2011:0848

vendor-advisory

x_refsource_SUSE

https://bugzilla.novell.com/show_bug.cgi?id=698772

x_refsource_CONFIRM

DSA-2281

vendor-advisory

x_refsource_DEBIAN

39966

third-party-advisory

x_refsource_SECUNIA

SUSE-SU-2011:0849

vendor-advisory

x_refsource_SUSE

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345

x_refsource_CONFIRM

48390

vdb-entry

x_refsource_BID

https://bugzillafiles.novell.org/attachment.cgi?id=435901

x_refsource_CONFIRM

45448

third-party-advisory

x_refsource_SECUNIA

45136

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-2490

Description

Affected Products

References