CVE-2011-2922

ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
ktsuss_projectktsuss
𝑥
≤ 1.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ktsuss
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
ignored
maverick
ignored
lucid
ignored
hardy
dne
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/cve-2011-2922
https://lwn.net/Articles/477678/
https://packetstormsecurity.com/files/109154/Gentoo-Linux-Security-Advisory-201201-15.html
https://packetstormsecurity.com/files/cve/CVE-2011-2922
https://security-tracker.debian.org/tracker/CVE-2011-2922
https://snyk.io/vuln/SNYK-LINUX-KTSUSS-174466
https://www.securityfocus.com/bid/49151
https://access.redhat.com/security/cve/cve-2011-2922
https://lwn.net/Articles/477678/
https://packetstormsecurity.com/files/109154/Gentoo-Linux-Security-Advisory-201201-15.html
https://packetstormsecurity.com/files/cve/CVE-2011-2922
https://security-tracker.debian.org/tracker/CVE-2011-2922
https://snyk.io/vuln/SNYK-LINUX-KTSUSS-174466
https://www.securityfocus.com/bid/49151