CVE-2011-2490
6.3 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.4%
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345
secunia.com/advisories/39966
secunia.com/advisories/45136
secunia.com/advisories/45448
www.debian.org/security/2011/dsa-2281
www.openwall.com/lists/oss-security/2011/06/22/6
www.openwall.com/lists/oss-security/2011/06/23/5
www.securityfocus.com/bid/48390
bugzilla.novell.com/show_bug.cgi?id=698772
bugzillafiles.novell.org/attachment.cgi?id=435901
hermes.opensuse.org/messages/10082052
hermes.opensuse.org/messages/10082068
Related
6.3 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.4%