
ktsuss: privilege escalation

Package(s): ktsuss
CVE #(s): CVE-2011-2921 CVE-2011-2922
Created: January 27, 2012
Updated: February 1, 2012
Description: From the Gentoo advisory:

Two vulnerabilities have been found in ktsuss:

  • Under specific circumstances, ktsuss skips authentication and fails to change the effective UID back to the real UID (CVE-2011-2921).
  • The GTK interface spawned by the ktsuss binary is run as root (CVE-2011-2922).

A local attacker could gain escalated privileges and use the "GTK_MODULES" environment variable to possibly execute arbitrary code with root privileges.

Alerts:
Gentoo 201201-15 ktsuss 2012-01-27



Copyright © 2023, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds