ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2019-11-19T18:08:30
Updated: 2024-08-06T23:15:32.119Z
Reserved: 2011-07-27T00:00:00
Link: CVE-2011-2922
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-19T19:15:14.783
Modified: 2019-11-21T15:28:40.360
Link: CVE-2011-2922
Redhat
No data.