Vulnerability Details : CVE-2011-2921
Public exploit exists!
ktsuss versions 1.4 and prior have the uid set to root and do not drop privileges prior to executing user-specified commands, which can result in command execution with root privileges.
Products affected by CVE-2011-2921
- cpe:2.3:a:ktsuss_project:ktsuss:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2921
- 71.59%: Probability of exploitation activity in the next 30 days
- ~ 99%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-2921
- ktsuss suid Privilege Escalation
  Disclosure Date: 2011-08-13
  First seen: 2020-04-26
  exploit/linux/local/ktsuss_suid_priv_esc
  This module attempts to gain root privileges by exploiting a vulnerability in ktsuss versions 1.4 and prior. The ktsuss executable is setuid root and does not drop privileges prior to executing user specified commands, resulting in command executio
CVSS scores for CVE-2011-2921
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2011-2921
- The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2921
- http://packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.html
  ktsuss Suid Privilege Escalation ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://access.redhat.com/security/cve/cve-2011-2921
  Red Hat Customer Portal (Broken Link; Third Party Advisory)
- https://security-tracker.debian.org/tracker/CVE-2011-2921
  CVE-2011-2921 (Third Party Advisory)