CVE-2011-2490

NameCVE-2011-2490
Descriptionopielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2281-1
NVD severityhigh (attack range: local)
Debian Bugs631345

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opiesource(unstable)(unfixed)high631345
opiesourcelenny2.32-10.2+lenny2highDSA-2281-1
opiesourcesqueeze2.32.dfsg.1-0.2+squeeze1highDSA-2281-1

Search for package or bug name: Reporting problems