[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-2490Date: (C)2011-07-26   (M)2023-12-22


opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-39966
SECUNIA-45136
SECUNIA-45448
BID-48390
DSA-2281
SUSE-SU-2011:0849
http://www.openwall.com/lists/oss-security/2011/06/22/6
http://www.openwall.com/lists/oss-security/2011/06/23/5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345
https://bugzilla.novell.com/show_bug.cgi?id=698772
https://bugzillafiles.novell.org/attachment.cgi?id=435901
openSUSE-SU-2011:0848

CWE    1
CWE-20
OVAL    1
oval:org.secpod.oval:def:600591

© SecPod Technologies