Vulnerability Description
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ktsuss Project | Ktsuss | <= 1.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.htmExploitThird Party AdvisoryVDB Entry
- https://access.redhat.com/security/cve/cve-2011-2921Broken LinkThird Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2011-2921Third Party Advisory
- http://packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.htmExploitThird Party AdvisoryVDB Entry
- https://access.redhat.com/security/cve/cve-2011-2921Broken LinkThird Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2011-2921Third Party Advisory
FAQ
What is CVE-2011-2921?
CVE-2011-2921 is a vulnerability with a CVSS score of 9.8 (CRITICAL). ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.
How severe is CVE-2011-2921?
CVE-2011-2921 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2011-2921?
Check the references section above for vendor advisories and patch information. Affected products include: Ktsuss Project Ktsuss.