3 results (0.006 seconds)

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 3

Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line. Múltiples errores "off-by-one" (desbordamiento por un elemento) en opiesu.c de opiesu en OPIE 2.4.1-test1 y versiones anteriores permiten a usuarios locales escalar privilegios a través de un comando modificado. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344 http://secunia.com/advisories/45136 http://secunia.com/advisories/45448 http://www.debian.org/security/2011/dsa-2281 http://www.openwall.com/lists/oss-security/2011/06/22/6 http://www.openwall.com/lists/oss-security/2011/06/23/5 http://www.securityfocus.com/bid/48390 https://bugzilla.novell.com/show_bug.cgi?id=698772 https://bugzillafiles.novell.org/attachment.cgi?id=435902 https://hermes.opensuse.org/messa • CWE-189: Numeric Errors •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 3

opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes. opielogin.c de opielogin de OPIE 2.4.1-test1 y versiones anteriores no comprueba el valor de retorno de la llamada al sistema setuid, lo que permite a usuarios locales escalar privilegios disponiendo de una cuenta que ya esté ejecutando su número máximo de procesos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345 http://secunia.com/advisories/39966 http://secunia.com/advisories/45136 http://secunia.com/advisories/45448 http://www.debian.org/security/2011/dsa-2281 http://www.openwall.com/lists/oss-security/2011/06/22/6 http://www.openwall.com/lists/oss-security/2011/06/23/5 http://www.securityfocus.com/bid/48390 https://bugzilla.novell.com/show_bug.cgi?id=698772 https://bugzillafiles.novell.org/attachment.cgi?id=435 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 84%CPEs: 44EXPL: 2

Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. Error Off-by-oneen en la función __opiereadrec en readrec.c en libopie en OPIE v2.4.1-test1 y anteriores, utilizada en FreeBSD v6.4 hasta v8.1-PRERELEASE y otras plataformas, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección a través de un nombre de usuraio largo, como se ha demostrado mediante un comando USER largo en el ftpd FreeBSD v8.0. • https://www.exploit-db.com/exploits/12762 http://blog.pi3.com.pl/?p=111 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932 http://secunia.com/advisories/39963 http://secunia.com/advisories/39966 http://secunia.com/advisories/45136 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc http://securityreason.com/achievement_securityalert/87 http://securityreason.com/securityalert/7450 http://securitytracker.com/id?1024040 http://securitytracker.com/id?1025709 http&# • CWE-189: Numeric Errors •