Published: 19/11/2019 Updated: 21/11/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ktsuss project ktsuss

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::System include Msf::Exploit::EXE include Msf: ...

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in ktsuss versions 14 and prior The ktsuss executable is setuid root and does not drop privileges prior to executing user specified commands, resulting in command execution with root privileges This module has been tested successfully on ktsuss 13 on SparkyLin ...

CWE-273 https://security-tracker.debian.org/tracker/CVE-2011-2921 https://access.redhat.com/security/cve/cve-2011-2921 http://packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.html https://nvd.nist.gov https://www.exploit-db.com/exploits/47344

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-2921

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect