7.2

CVE-2011-2490

Exploit
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NrlOpie Updatetest1 Version <= 2.4.1
NrlOpie Version2.2
NrlOpie Version2.3
NrlOpie Version2.4
NrlOpie Version2.10
NrlOpie Version2.11
NrlOpie Version2.21
NrlOpie Version2.22
NrlOpie Version2.32
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.407
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/39966
Vendor Advisory
http://secunia.com/advisories/45136
Vendor Advisory
http://www.debian.org/security/2011/dsa-2281
http://secunia.com/advisories/45448
http://www.openwall.com/lists/oss-security/2011/06/22/6
Patch
Exploit
http://www.openwall.com/lists/oss-security/2011/06/23/5
Patch
Exploit
http://www.securityfocus.com/bid/48390
https://bugzilla.novell.com/show_bug.cgi?id=698772
Patch
Exploit
https://hermes.opensuse.org/messages/10082052
https://hermes.opensuse.org/messages/10082068
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345
Patch
https://bugzillafiles.novell.org/attachment.cgi?id=435901
Patch