7.2
CVE-2011-2490
- EPSS 0.53%
- Veröffentlicht 27.07.2011 02:55:02
- Zuletzt bearbeitet 16.06.2026 23:31:26
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.407 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/39966
http://secunia.com/advisories/45136
http://www.debian.org/security/2011/dsa-2281
http://secunia.com/advisories/45448
http://www.openwall.com/lists/oss-security/2011/06/22/6
http://www.openwall.com/lists/oss-security/2011/06/23/5
http://www.securityfocus.com/bid/48390
https://bugzilla.novell.com/show_bug.cgi?id=698772
https://hermes.opensuse.org/messages/10082052
https://hermes.opensuse.org/messages/10082068
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345
https://bugzillafiles.novell.org/attachment.cgi?id=435901