PT-2019-6656 · Kt · Ktsuss
Published 2019-11-19 · Updated 2019-11-21 · CVE-2011-2921
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ktsuss versions 1.4 and prior
Description
ktsuss runs with its uid set to root and does not drop privileges before executing user-specified commands, so those commands execute with root privileges.
Recommendations
For versions 1.4 and prior, consider dropping privileges before executing user-specified commands to prevent command execution with root privileges. As a temporary workaround, restrict the use of ktsuss to minimize the risk of exploitation.
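The privilege drop recommended above, as an added example; it is not code from ktsuss or from this advisory. The function name `drop_privileges` and the launcher in `main` are hypothetical, and the sketch assumes a POSIX/Linux setuid-root helper that should run the command as the invoking user.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Returns 0 only if the drop was verified. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                 /* a root target would drop nothing */

    /* Order matters: changing groups and gid needs root, so both must
     * happen before setuid() gives root away. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;                 /* clear root's supplementary groups */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)          /* as root: sets real, effective, saved uid */
        return -1;

    /* Never trust the return codes alone: confirm the ids changed and
     * that root can no longer be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}

/* Hypothetical setuid-root launcher: run argv[1..] as the invoking user. */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 2;
    }
    /* Fail closed: if the drop cannot be verified, nothing is executed. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "refusing to run: could not drop privileges\n");
        return 1;
    }
    execvp(argv[1], &argv[1]);
    perror("execvp");
    return 127;
}
```

A tool that runs commands as a different, authenticated user would pass that user's uid and gid instead of `getuid()` and `getgid()`.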
Affected Products
Ktsuss