CVE-2011-2489 - Vulnerability Details - OpenCVE

Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00059.

Key SSVC decision points have not yet been added.

Vendors	Products
Nrl	Opie

Configuration 1 [-]

OR	cpe:2.3:a:nrl:opie::test1::::::*
	cpe:2.3:a:nrl:opie:2.2:::::::*
	cpe:2.3:a:nrl:opie:2.3:::::::*
	cpe:2.3:a:nrl:opie:2.4:::::::*
	cpe:2.3:a:nrl:opie:2.10:::::::*
	cpe:2.3:a:nrl:opie:2.11:::::::*
	cpe:2.3:a:nrl:opie:2.21:::::::*
	cpe:2.3:a:nrl:opie:2.22:::::::*
	cpe:2.3:a:nrl:opie:2.32:::::::*

No data.

No data.

Advisories

Source	ID	Title
Debian DSA	DSA-2281-1	opie security update
EUVD	EUVD-2011-2476	Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344
http://secunia.com/advisories/45136
http://secunia.com/advisories/45448
http://www.debian.org/security/2011/dsa-2281
http://www.openwall.com/lists/oss-security/2011/06/22/6
http://www.openwall.com/lists/oss-security/2011/06/23/5
http://www.securityfocus.com/bid/48390
https://bugzilla.novell.com/show_bug.cgi?id=698772
https://bugzillafiles.novell.org/attachment.cgi?id=435902
https://hermes.opensuse.org/messages/10082052
https://hermes.opensuse.org/messages/10082068

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-07-27T01:29:00

Updated: 2024-08-06T23:00:34.107Z

Reserved: 2011-06-15T00:00:00

Link: CVE-2011-2489

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-07-27T02:55:02.040

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-2489

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"}, {"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"}, {"name": "openSUSE-SU-2011:0848", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://hermes.opensuse.org/messages/10082052"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"}, {"name": "DSA-2281", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2281"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"}, {"name": "SUSE-SU-2011:0849", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://hermes.opensuse.org/messages/10082068"}, {"name": "48390", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48390"}, {"name": "45448", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45448"}, {"name": "45136", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45136"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2489", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"}, {"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"}, {"name": "openSUSE-SU-2011:0848", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/10082052"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=698772", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"}, {"name": "https://bugzillafiles.novell.org/attachment.cgi?id=435902", "refsource": "CONFIRM", "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"}, {"name": "DSA-2281", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2281"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"}, {"name": "SUSE-SU-2011:0849", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/10082068"}, {"name": "48390", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48390"}, {"name": "45448", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45448"}, {"name": "45136", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45136"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:00:34.107Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"}, {"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"}, {"name": "openSUSE-SU-2011:0848", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://hermes.opensuse.org/messages/10082052"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"}, {"name": "DSA-2281", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2281"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"}, {"name": "SUSE-SU-2011:0849", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://hermes.opensuse.org/messages/10082068"}, {"name": "48390", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48390"}, {"name": "45448", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45448"}, {"name": "45136", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45136"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2489", "datePublished": "2011-07-27T01:29:00", "dateReserved": "2011-06-15T00:00:00", "dateUpdated": "2024-08-06T23:00:34.107Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nrl:opie:*:test1:*:*:*:*:*:*", "matchCriteriaId": "AEEC73FC-2BB6-4B8F-9596-BBB287AFFDA2", "versionEndIncluding": "2.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9D33B387-8EE6-4F36-A4B5-509FF8DA8C1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9B3734D-F6CB-4242-92FA-EDF425CCBCEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "E2B076A0-0216-4A52-ABA6-2E511FB6DB5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "32B7BBAB-609B-4D4D-BF5A-C4E95F0A8C51", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "5889C86D-4285-4B22-B3F0-76984D8CEC4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.21:*:*:*:*:*:*:*", "matchCriteriaId": "E0779EF0-9638-474E-9EF2-971ADA10F1D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.22:*:*:*:*:*:*:*", "matchCriteriaId": "5AEB7E9A-3F68-4F20-A073-751A76452C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.32:*:*:*:*:*:*:*", "matchCriteriaId": "F9A53F58-7514-4B07-AC56-C6F928F9D3F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line."}, {"lang": "es", "value": "M\u00faltiples errores \"off-by-one\" (desbordamiento por un elemento) en opiesu.c de opiesu en OPIE 2.4.1-test1 y versiones anteriores permiten a usuarios locales escalar privilegios a trav\u00e9s de un comando modificado."}], "id": "CVE-2011-2489", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-07-27T02:55:02.040", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45136"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/45448"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2281"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48390"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"}, {"source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/10082052"}, {"source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/10082068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/45448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2281"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/10082052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/10082068"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}