Unrated severityNVD Advisory· Published Jul 27, 2011· Updated Apr 29, 2026

CVE-2011-2490

Description

opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.

Affected products

Nrl/Opie9 versions
cpe:2.3:a:nrl:opie:2.10:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:nrl:opie:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:nrl:opie:*:test1:*:*:*:*:*:*range: <=2.4.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.debian.org/cgi-bin/bugreport.cginvdPatch
bugzillafiles.novell.org/attachment.cginvdPatch
www.openwall.com/lists/oss-security/2011/06/22/6nvdExploitPatch
www.openwall.com/lists/oss-security/2011/06/23/5nvdExploitPatch
bugzilla.novell.com/show_bug.cginvdExploitPatch
secunia.com/advisories/39966nvdVendor Advisory
secunia.com/advisories/45136nvdVendor Advisory
secunia.com/advisories/45448nvd
www.debian.org/security/2011/dsa-2281nvd
www.securityfocus.com/bid/48390nvd
hermes.opensuse.org/messages/10082052nvd
hermes.opensuse.org/messages/10082068nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000