SUS: Local root vulnerability — GLSA 200409-17

SUS contains a string format bug that could lead to local privilege escalation.

Affected Packages

app-admin/sus on all architectures
Affected versions < 2.0.2-r1
Unaffected versions >= 2.0.2-r1

Background

SUS is a utility that allows regular users to be able to execute certain commands as root.

Description

Leon Juranic found a bug in the logging functionality of SUS that can lead to local privilege escalation. A format string vulnerability exists in the log() function due to an incorrect call to the syslog() function.

Impact

An attacker with local user privileges can potentially exploit this vulnerability to gain root access.

Workaround

There is no known workaround at this time.

Resolution

All SUS users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv ">=app-admin/sus-2.0.2-r1"
 # emerge ">=app-admin/sus-2.0.2-r1"

References

Release Date
September 14, 2004

Latest Revision
May 22, 2006: 02

Severity
high

Exploitable
local

Bugzilla entries