Two vulnerabilities have been found in ktsuss, allowing local attackers to gain escalated privileges.
Package | x11-misc/ktsuss on all architectures |
---|---|
Affected versions | <= 1.4 |
Unaffected versions |
ktsuss is a simple, graphical version of su written in C and GTK+.
Two vulnerabilities have been found in ktsuss:
A local attacker could gain escalated privileges and use the "GTK_MODULES" environment variable to possibly execute arbitrary code with root privileges.
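For authors of similar privileged GTK+ helpers, the general defence against environment-driven module loading is to rebuild the environment from an allowlist before the toolkit is initialised. The C sketch below is an added example, not ktsuss code and not a fix for the affected package; the allowlist, the fixed PATH value and the function names are assumptions.

```c
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Assumed allowlist: what an X11 su front end plausibly needs. */
static const char *const keep[] = { "DISPLAY", "XAUTHORITY", "LANG", "TERM" };
#define NKEEP (sizeof keep / sizeof keep[0])

/* Fixed PATH (assumed value), so the caller's PATH is not trusted either. */
static char safe_path[] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";
static char *clean_env[NKEEP + 2];      /* kept entries + PATH + NULL */

/* Index of the allowlisted name that `entry` ("NAME=value") sets, or -1. */
static int keep_index(const char *entry)
{
    for (size_t i = 0; i < NKEEP; i++) {
        size_t n = strlen(keep[i]);
        if (strncmp(entry, keep[i], n) == 0 && entry[n] == '=')
            return (int)i;
    }
    return -1;
}

/* Replace environ with allowlisted entries plus a fixed PATH and return the
 * number of entries dropped. Run it before gtk_init() or any exec call. */
int scrub_environment(void)
{
    char *slot[NKEEP] = { NULL };
    size_t out = 0;
    int dropped = 0;

    for (char **e = environ; e != NULL && *e != NULL; e++) {
        int i = keep_index(*e);
        if (i >= 0 && slot[i] == NULL)
            slot[i] = *e;       /* first occurrence wins */
        else
            dropped++;          /* GTK_MODULES, LD_PRELOAD, duplicates, ... */
    }
    for (size_t i = 0; i < NKEEP; i++)
        if (slot[i] != NULL)
            clean_env[out++] = slot[i];
    clean_env[out++] = safe_path;
    clean_env[out] = NULL;
    environ = clean_env;
    return dropped;
}
```

Scrubbing the environment addresses only the module-loading path; it does not replace correct privilege handling in the helper itself.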
There is no known workaround at this time.
Gentoo discontinued support for ktsuss. We recommend that users unmerge ktsuss:
```
# emerge --unmerge "x11-misc/ktsuss"
```
Release date: January 27, 2012
Latest revision: January 27, 2012: 1
Severity: high
Exploitable: local
Bugzilla entries