CVE-2011-2490: Input Validation
First published: Wed Jul 27 2011(Updated: )
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nrl Opie | =2.3 | |
| Nrl Opie | <=2.4.1 | |
| Nrl Opie | =2.10 | |
| Nrl Opie | =2.2 | |
| Nrl Opie | =2.32 | |
| Nrl Opie | =2.4 | |
| Nrl Opie | =2.21 | |
| Nrl Opie | =2.22 | |
| Nrl Opie | =2.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345
- http://secunia.com/advisories/39966
- https://bugzilla.novell.com/show_bug.cgi?id=698772
- http://www.openwall.com/lists/oss-security/2011/06/23/5
- http://secunia.com/advisories/45136
- http://www.debian.org/security/2011/dsa-2281
- http://www.securityfocus.com/bid/48390
- http://www.openwall.com/lists/oss-security/2011/06/22/6
- https://bugzillafiles.novell.org/attachment.cgi?id=435901
- https://hermes.opensuse.org/messages/10082068
- http://secunia.com/advisories/45448
- https://hermes.opensuse.org/messages/10082052
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nrl
- canonical/nrl opie
- version/nrl opie/2.3
- version/nrl opie/2.4.1
- version/nrl opie/2.10
- version/nrl opie/2.2
- version/nrl opie/2.32
- version/nrl opie/2.4
- version/nrl opie/2.21
- version/nrl opie/2.22
- version/nrl opie/2.11