Vulnerability Details: CVE-2011-2490
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
Vulnerability category: Input validation
Products affected by CVE-2011-2490
- cpe:2.3:a:nrl:opie:*:test1:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2490
- 0.04%: Probability of exploitation activity in the next 30 days
- ~8%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2490
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2011-2490
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2490
- http://www.openwall.com/lists/oss-security/2011/06/23/5
  oss-security - Re: CVE requests: opie off by one and setuid() failure (Exploit; Patch)
- http://www.debian.org/security/2011/dsa-2281
  Debian -- Security Information -- DSA-2281-1 opie
- http://www.openwall.com/lists/oss-security/2011/06/22/6
  oss-security - CVE requests: opie off by one and setuid() failure (Exploit; Patch)
- http://www.securityfocus.com/bid/48390
  OPIE Off By One Buffer Overflow Vulnerability and Local Privilege Escalation Vulnerability
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345
  #631345 - opie: missing setuid() retval check in opielogin - Debian Bug report logs (Patch)
- https://hermes.opensuse.org/messages/10082068
  openSUSE.org - 503
- https://hermes.opensuse.org/messages/10082052
  openSUSE.org - 503
- https://bugzillafiles.novell.org/attachment.cgi?id=435901
  (Patch)
- https://bugzilla.novell.com/show_bug.cgi?id=698772
  Bug 698772 – VUL-0: opie: off by one errors in opiesu (Exploit; Patch)