Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200409-17] SUS: Local root vulnerability Vulnerability Scan
Vulnerability Scan Summary: SUS: Local root vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200409-17
(SUS: Local root vulnerability)
Leon Juranic found a bug in the logging functionality of SUS that can lead
to local privilege escalation. A format string vulnerability exists in the
log() function due to an incorrect call to the syslog() function.
Impact
An attacker with local user rights can potentially exploit this
vulnerability to gain root access.
Workaround
There is no known workaround at this time.
References:
http://pdg.uow.edu.au/sus/CHANGES
http://www.securityfocus.com/archive/1/375109/2004-09-11/2004-09-17/0
Solution:
All SUS users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-admin/sus-2.0.2-r1"
# emerge ">=app-admin/sus-2.0.2-r1"
Threat Level: High