CVE-2011-2489 - Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local u

CVE-2011-2489

Summary

Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.

References

Vulnerable Configurations

cpe:2.3:a:nrl:opie:2.2:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.2:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.3:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.3:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.4:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.4:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:*:test1:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:*:test1:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.10:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.10:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.11:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.11:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.21:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.21:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.22:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.22:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.32:*:*:*:*:*:*:*
cpe:2.3:a:nrl:opie:2.32:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 07-09-2011 - 03:17)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	48390
confirm	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344 https://bugzilla.novell.com/show_bug.cgi?id=698772 https://bugzillafiles.novell.org/attachment.cgi?id=435902
debian	DSA-2281
mlist	[oss-security] 20110622 CVE requests: opie off by one and setuid() failure [oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure
secunia	45136 45448
suse	SUSE-SU-2011:0849 openSUSE-SU-2011:0848

Last major update

07-09-2011 - 03:17

Published

27-07-2011 - 02:55

Last modified

07-09-2011 - 03:17