ktsuss: Privilege escalation — GLSA 201201-15

Two vulnerabilities have been found in ktsuss, allowing local attackers to gain escalated privileges.

Affected packages

x11-misc/ktsuss on all architectures
Affected versions <= 1.4
Unaffected versions

Background

ktsuss is a simple, graphical version of su written in C and GTK+.

Description

Two vulnerabilities have been found in ktuss:

  • Under specific circumstances, ktsuss skips authentication and fails to change the effective UID back to the real UID (CVE-2011-2921).
  • The GTK interface spawned by the ktsuss binary is run as root (CVE-2011-2922).

Impact

A local attacker could gain escalated privileges and use the "GTK_MODULES" environment variable to possibly execute arbitrary code with root privileges.

Workaround

There is no known workaround at this time.

Resolution

Gentoo discontinued support for ktsuss. We recommend that users unmerge ktsuss:

 # emerge --unmerge "x11-misc/ktsuss"
 

References

Release date
January 27, 2012

Latest revision
January 27, 2012: 1

Severity
high

Exploitable
local

Bugzilla entries