Detections
Analytics

CVE-2011-2490

high

Description

opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.

References

https://hermes.opensuse.org/messages/10082068

https://hermes.opensuse.org/messages/10082052

https://bugzillafiles.novell.org/attachment.cgi?id=435901

http://www.securityfocus.com/bid/48390

http://www.debian.org/security/2011/dsa-2281

http://secunia.com/advisories/45448

http://secunia.com/advisories/45136

http://secunia.com/advisories/39966

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345

Details

Source: Mitre, NVD

Published: 2011-07-27

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00093