Vulnerability Solutions
| The Nimsoft Cloud Monitor Periodic Vulnerability Scan checks for the vulnerability below. To see the most recently added vulnerability solutions that are scanned by WatchMouse, go to the Vulnerability Solutions overview |
| Category: Gentoo Local Security Checks | Risk factor: High | Added: 31 Jan 2012 |
| Synopsis: The remote Gentoo host is missing one or more security-related patches. |
| Description: The remote host is affected by the vulnerability described in GLSA-201201-15 (ktsuss: Privilege escalation). Two vulnerabilities have been found in ktsuss: Under specific circumstances, ktsuss skips authentication and fails to change the effective UID back to the real UID (CVE-2011-2921). The GTK interface spawned by the ktsuss binary is run as root (CVE-2011-2922). |
| Impact: A local attacker could gain escalated privileges and use the 'GTK_MODULES' environment variable to possibly execute arbitrary code with root privileges. |
| Workaround: There is no known workaround at this time. |
| See also: http://www.gentoo.org/security/en/glsa/glsa-201201-15.xml |
| Solution: Gentoo discontinued support for ktsuss. We recommend that users unmerge ktsuss: |
| # emerge --unmerge 'x11-misc/ktsuss' |
| Risk factor: High |



