13 matches found
SUSE CVE-2011-2490
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes...
openSUSE Security Update : opie (openSUSE-SU-2011:0848-1)
This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin CVE-2011-2490. This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...
openSUSE Security Update : opie (openSUSE-SU-2011:0848-1)
This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin CVE-2011-2490. This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...
SuSE 10 Security Update : opie (ZYPP Patch Number 7594)
This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...
Debian: Security Advisory (DSA-2281-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 11.1 Security Update : opie (SAT Patch Number 4815)
This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...
SuSE 11.1 Security Update : opie (SAT Patch Number 4815)
This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...
SuSE 10 Security Update : opie (ZYPP Patch Number 7595)
This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...
CVE-2011-2490
CVE-2011-2490 affects OPIE’s opielogin in opie 2.4.1-test1 and earlier, where it does not check the return value of setuid(), enabling local privilege escalation for an account already at its max number of processes. Connected SUSE/openSUSE advisories (e.g., openSUSE-SU-2011:0848-1) and related N...
[SECURITY] [DSA 2281-1] opie security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2281-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 21, 2011 http://www.debian.org/security/faq -...
Debian DSA-2281-1 : opie - several vulnerabilities
Sebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation CVE-2011-2490 and an off-by-one error, which can lead to the execution of arbitrary code CVE-2011-2489 . Adam Zabrocki and Maksymilian Arciemowicz al...
[SECURITY] [DSA 2281-1] opie security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2281-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 21, 2011 http://www.debian.org/security/faq -...
DSA-2281-1 opie - several
Bulletin has no description...