7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.1%
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the
return value of the setuid system call, which allows local users to gain
privileges by arranging for an account to already be running its maximum
number of processes.
Author | Note |
---|---|
jdstrand | per mdeslaur, code not compiled |