Two vulnerabilities have been found in ktsuss, allowing local attackers to gain escalated privileges.
| Package | x11-misc/ktsuss on all architectures |
| Affected versions | <= 1.4 |
ktsuss is a simple, graphical version of su written in C and GTK+.
Two vulnerabilities have been found in ktsuss:
A local attacker could gain escalated privileges and use the "GTK_MODULES" environment variable to possibly execute arbitrary code with root privileges.
There is no known workaround at this time.
Gentoo discontinued support for ktsuss. We recommend that users unmerge ktsuss:
# emerge --unmerge "x11-misc/ktsuss"
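A post-removal check, given here as an added example that is not part of the original advisory: it reports any file named `ktsuss` that still carries a setuid or setgid bit, for instance a copy installed outside the package manager. The function names are hypothetical, and the installed file name `ktsuss` is an assumption.

```shell
#!/bin/sh
# Added example, not part of the advisory.
# Assumption: the installed binary is named "ktsuss".

# Print every regular file named "ktsuss" with a setuid or setgid bit.
# Directories to scan are given as arguments; with no arguments the
# directories listed in $PATH are scanned.
find_privileged_ktsuss() {
    if [ "$#" -eq 0 ]; then
        # Split $PATH on ':' into the positional parameters.
        old_ifs=$IFS
        IFS=:
        set -- $PATH
        IFS=$old_ifs
    fi
    for dir in "$@"; do
        # Skip empty PATH entries and directories that do not exist.
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -type f -name ktsuss \
            \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
    done
}

# Return 0 when nothing privileged is left, 1 otherwise.
check_ktsuss_removed() {
    leftovers=$(find_privileged_ktsuss "$@")
    if [ -n "$leftovers" ]; then
        printf 'setuid/setgid ktsuss still present:\n%s\n' "$leftovers"
        return 1
    fi
    printf 'no setuid/setgid ktsuss found\n'
    return 0
}
```

After the unmerge, source the file and run `check_ktsuss_removed` with no arguments to scan `$PATH`, or pass extra directories such as a local prefix.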
January 27, 2012
January 27, 2012: 1