CVE-2011-2490

Name of the Vulnerable Software and Affected Versions OPIE versions 2.4.1-test1 and earlier

Description The issue concerns a problem where the setuid system call's return value is not checked in opielogin.c, allowing local users to gain privileges under certain conditions. Additionally, there are multiple vulnerabilities in the OPIE package that can lead to breaches of confidentiality, integrity, and availability of protected information, potentially exploitable remotely.

Recommendations For OPIE versions 2.4.1-test1 and earlier, consider updating to a newer version that addresses the issue with the setuid system call and other vulnerabilities, although the specific fixed version is not provided. As a temporary workaround, restrict access to the opielogin functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.