ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
https://access.redhat.com/security/cve/cve-2011-2921 | Broken Link Third Party Advisory |
https://security-tracker.debian.org/tracker/CVE-2011-2921 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-11-19 17:15
Updated : 2024-02-28 17:28
NVD link : CVE-2011-2921
Mitre link : CVE-2011-2921
CVE.ORG link : CVE-2011-2921
JSON object : View
Products Affected
ktsuss_project
- ktsuss
CWE
CWE-273
Improper Check for Dropped Privileges