CVE-2011-2490
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
opielogin.c de opielogin de OPIE 2.4.1-test1 y versiones anteriores no comprueba el valor de retorno de la llamada al sistema setuid, lo que permite a usuarios locales escalar privilegios disponiendo de una cuenta que ya esté ejecutando su número máximo de procesos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-06-15 CVE Reserved
- 2011-07-27 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/45448 | Third Party Advisory | |
| http://www.securityfocus.com/bid/48390 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/22/6 | 2024-08-06 | |
| http://www.openwall.com/lists/oss-security/2011/06/23/5 | 2024-08-06 | |
| https://bugzilla.novell.com/show_bug.cgi?id=698772 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345 | 2011-09-07 | |
| https://bugzillafiles.novell.org/attachment.cgi?id=435901 | 2011-09-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/39966 | 2011-09-07 | |
| http://secunia.com/advisories/45136 | 2011-09-07 | |
| http://www.debian.org/security/2011/dsa-2281 | 2011-09-07 | |
| https://hermes.opensuse.org/messages/10082052 | 2011-09-07 | |
| https://hermes.opensuse.org/messages/10082068 | 2011-09-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nrl Search vendor "Nrl" | Opie Search vendor "Nrl" for product "Opie" | <= 2.4.1 Search vendor "Nrl" for product "Opie" and version " <= 2.4.1" | test1 |
Affected
| ||||||
| Nrl Search vendor "Nrl" | Opie Search vendor "Nrl" for product "Opie" | 2.2 Search vendor "Nrl" for product "Opie" and version "2.2" | - |
Affected
| ||||||
| Nrl Search vendor "Nrl" | Opie Search vendor "Nrl" for product "Opie" | 2.3 Search vendor "Nrl" for product "Opie" and version "2.3" | - |
Affected
| ||||||
| Nrl Search vendor "Nrl" | Opie Search vendor "Nrl" for product "Opie" | 2.4 Search vendor "Nrl" for product "Opie" and version "2.4" | - |
Affected
| ||||||
| Nrl Search vendor "Nrl" | Opie Search vendor "Nrl" for product "Opie" | 2.10 Search vendor "Nrl" for product "Opie" and version "2.10" | - |
Affected
| ||||||
| Nrl Search vendor "Nrl" | Opie Search vendor "Nrl" for product "Opie" | 2.11 Search vendor "Nrl" for product "Opie" and version "2.11" | - |
Affected
| ||||||
| Nrl Search vendor "Nrl" | Opie Search vendor "Nrl" for product "Opie" | 2.21 Search vendor "Nrl" for product "Opie" and version "2.21" | - |
Affected
| ||||||
| Nrl Search vendor "Nrl" | Opie Search vendor "Nrl" for product "Opie" | 2.22 Search vendor "Nrl" for product "Opie" and version "2.22" | - |
Affected
| ||||||
| Nrl Search vendor "Nrl" | Opie Search vendor "Nrl" for product "Opie" | 2.32 Search vendor "Nrl" for product "Opie" and version "2.32" | - |
Affected
| ||||||