CVE-2011-2490

Name: CVE-2011-2490
Description: opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-2281-1
NVD severity: high (attack range: local)
Debian Bugs: 631345
Debian/oldstable: not vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| opie (PTS) | squeeze (security), squeeze | 2.32.dfsg.1-0.2+squeeze1 | fixed |

The information above is based on the following data on fixed versions.

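| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| opie | source | (unstable) | (unfixed) | high | | 631345 |
| opie | source | lenny | 2.32-10.2+lenny2 | high | DSA-2281-1 | |
| opie | source | squeeze | 2.32.dfsg.1-0.2+squeeze1 | high | DSA-2281-1 | |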
