ktsuss: Privilege escalation

ktsuss: Privilege escalation Two vulnerabilities have been found in ktsuss, allowing local attackers to gain escalated privileges. ktsuss 2012-01-27 2012-01-27 381115 local 1.4

ktsuss is a simple, graphical version of su written in C and GTK+.

Two vulnerabilities have been found in ktuss:

Under specific circumstances, ktsuss skips authentication and fails to change the effective UID back to the real UID (CVE-2011-2921).
The GTK interface spawned by the ktsuss binary is run as root (CVE-2011-2922).

A local attacker could gain escalated privileges and use the "GTK_MODULES" environment variable to possibly execute arbitrary code with root privileges.

There is no known workaround at this time.

Gentoo discontinued support for ktsuss. We recommend that users unmerge ktsuss:


      # emerge --unmerge "x11-misc/ktsuss"

CVE-2011-2921 CVE-2011-2922 underling ackle