CVE-2011-1946

Name of the Vulnerable Software and Affected Versions libgnomesu version 1.0.0

Description The issue allows local users to gain privileges by leveraging access to two unprivileged user accounts and running many processes under one of these accounts. This is due to the gnomesu-pam-backend in libgnomesu printing an error message but proceeding with the non-error code path upon failure of the setgid or setuid function.

Recommendations For libgnomesu version 1.0.0, consider restricting access to the gnomesu-pam-backend to minimize the risk of exploitation. As a temporary workaround, avoid using the setgid or setuid functions in sensitive operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.