CVE-2011-2921

ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
ktsuss_projectktsuss
𝑥
≤ 1.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ktsuss
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
ignored
maverick
ignored
lucid
ignored
hardy
dne
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.html
https://access.redhat.com/security/cve/cve-2011-2921
https://security-tracker.debian.org/tracker/CVE-2011-2921
http://packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.html
https://access.redhat.com/security/cve/cve-2011-2921
https://security-tracker.debian.org/tracker/CVE-2011-2921