Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200409-17] SUS: Local root vulnerability Vulnerability Scan
Vulnerability Scan Summary
SUS: Local root vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200409-17
(SUS: Local root vulnerability).
Leon Juranic found a bug in the logging functionality of SUS that can lead
to local privilege escalation. A format string vulnerability exists in the
log() function due to an incorrect call to the syslog() function.
An attacker with local user rights can potentially exploit this
vulnerability to gain root access.
There is no known workaround at this time.
All SUS users should upgrade to the latest version:
    # emerge sync
    # emerge -pv ">=app-admin/sus-2.0.2-r1"
    # emerge ">=app-admin/sus-2.0.2-r1"
Threat Level: High