{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"}, {"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"}, {"name": "openSUSE-SU-2011:0848", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://hermes.opensuse.org/messages/10082052"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"}, {"name": "DSA-2281", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2281"}, {"name": "39966", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39966"}, {"name": "SUSE-SU-2011:0849", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://hermes.opensuse.org/messages/10082068"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"}, {"name": "48390", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48390"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"}, {"name": "45448", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45448"}, {"name": "45136", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45136"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2490", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"}, {"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"}, {"name": "openSUSE-SU-2011:0848", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/10082052"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=698772", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"}, {"name": "DSA-2281", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2281"}, {"name": "39966", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39966"}, {"name": "SUSE-SU-2011:0849", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/10082068"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"}, {"name": "48390", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48390"}, {"name": "https://bugzillafiles.novell.org/attachment.cgi?id=435901", "refsource": "CONFIRM", "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"}, {"name": "45448", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45448"}, {"name": "45136", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45136"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:00:34.168Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"}, {"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"}, {"name": "openSUSE-SU-2011:0848", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://hermes.opensuse.org/messages/10082052"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"}, {"name": "DSA-2281", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2281"}, {"name": "39966", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39966"}, {"name": "SUSE-SU-2011:0849", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://hermes.opensuse.org/messages/10082068"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"}, {"name": "48390", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48390"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"}, {"name": "45448", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45448"}, {"name": "45136", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45136"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2490", "datePublished": "2011-07-27T01:29:00", "dateReserved": "2011-06-15T00:00:00", "dateUpdated": "2024-08-06T23:00:34.168Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nrl:opie:*:test1:*:*:*:*:*:*", "matchCriteriaId": "AEEC73FC-2BB6-4B8F-9596-BBB287AFFDA2", "versionEndIncluding": "2.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9D33B387-8EE6-4F36-A4B5-509FF8DA8C1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9B3734D-F6CB-4242-92FA-EDF425CCBCEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "E2B076A0-0216-4A52-ABA6-2E511FB6DB5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "32B7BBAB-609B-4D4D-BF5A-C4E95F0A8C51", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "5889C86D-4285-4B22-B3F0-76984D8CEC4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.21:*:*:*:*:*:*:*", "matchCriteriaId": "E0779EF0-9638-474E-9EF2-971ADA10F1D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.22:*:*:*:*:*:*:*", "matchCriteriaId": "5AEB7E9A-3F68-4F20-A073-751A76452C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:nrl:opie:2.32:*:*:*:*:*:*:*", "matchCriteriaId": "F9A53F58-7514-4B07-AC56-C6F928F9D3F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes."}, {"lang": "es", "value": "opielogin.c de opielogin de OPIE 2.4.1-test1 y versiones anteriores no comprueba el valor de retorno de la llamada al sistema setuid, lo que permite a usuarios locales escalar privilegios disponiendo de una cuenta que ya est\u00e9 ejecutando su n\u00famero m\u00e1ximo de procesos."}], "id": "CVE-2011-2490", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-07-27T02:55:02.087", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39966"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45136"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/45448"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2281"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48390"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"}, {"source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/10082052"}, {"source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/10082068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/45448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2281"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/10082052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/10082068"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}