openSUSE Security Update : opie (openSUSE-SU-2011:0848-1)

high Nessus Plugin ID 75700

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes off-by-one errors in opiesu (CVE-2011-2489) and missing setuid() return value checks in opielogin (CVE-2011-2490).

This update also removes the setuid bit from the opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local:

/usr/bin/opiesu root:root 4755

Solution

Update the affected opie packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=698772

https://lists.opensuse.org/opensuse-updates/2011-07/msg00039.html

Plugin Details

Severity: High

ID: 75700

File Name: suse_11_3_opie-110628.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opie, p-cpe:/a:novell:opensuse:opie-32bit, p-cpe:/a:novell:opensuse:permissions, cpe:/o:novell:opensuse:11.3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 6/28/2011

Reference Information

CVE: CVE-2011-2489, CVE-2011-2490