CVE-2011-2490: Input Validation
First published: Wed Jul 27 2011(Updated: )
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nrl Opie | =2.3 | |
| Nrl Opie | <=2.4.1 | |
| Nrl Opie | =2.10 | |
| Nrl Opie | =2.2 | |
| Nrl Opie | =2.32 | |
| Nrl Opie | =2.4 | |
| Nrl Opie | =2.21 | |
| Nrl Opie | =2.22 | |
| Nrl Opie | =2.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345
- http://secunia.com/advisories/39966
- https://bugzilla.novell.com/show_bug.cgi?id=698772
- http://www.openwall.com/lists/oss-security/2011/06/23/5
- http://secunia.com/advisories/45136
- http://www.debian.org/security/2011/dsa-2281
- http://www.securityfocus.com/bid/48390
- http://www.openwall.com/lists/oss-security/2011/06/22/6
- https://bugzillafiles.novell.org/attachment.cgi?id=435901
- https://hermes.opensuse.org/messages/10082068
- http://secunia.com/advisories/45448
- https://hermes.opensuse.org/messages/10082052
Frequently Asked Questions
What is the severity of CVE-2011-2490?
CVE-2011-2490 is classified as a high severity vulnerability due to the potential for local privilege escalation.
How do I fix CVE-2011-2490?
To mitigate CVE-2011-2490, update to a patched version of OPIE that addresses the issue with the setuid system call.
Who is affected by CVE-2011-2490?
CVE-2011-2490 affects local users of OPIE versions 2.4.1-test1 and earlier, and certain specific versions of OPIE 2.x.
What does CVE-2011-2490 exploit?
CVE-2011-2490 exploits the lack of return value checks on the setuid system call, allowing privilege escalation.
Is there a workaround for CVE-2011-2490?
While the best solution is to update OPIE, temporarily restricting local user access may serve as a workaround for CVE-2011-2490.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/severity
- agent/author
- agent/remedy
- agent/event
- agent/tags
- agent/first-publish-date
- agent/source
- vendor/nrl
- canonical/nrl opie
- version/nrl opie/2.3
- version/nrl opie/2.4.1
- version/nrl opie/2.10
- version/nrl opie/2.2
- version/nrl opie/2.32
- version/nrl opie/2.4
- version/nrl opie/2.21
- version/nrl opie/2.22
- version/nrl opie/2.11