CVE-2011-2921

CRITICAL

ktsuss suid Privilege Escalation

Title source: metasploit

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-2921. PoCs published by Metasploit, John Lightsey, bcoles, including Metasploit module exploits/linux/local/ktsuss_suid_priv_esc.

AI-analyzed exploit summary: This Metasploit module exploits a privilege escalation vulnerability in ktsuss versions 1.4 and prior by leveraging the setuid binary to execute arbitrary commands as root. It uploads a payload to a writable directory and executes it via the vulnerable ktsuss binary.

Description

ktsuss versions 1.4 and prior are installed setuid root and do not drop privileges before executing user-specified commands, which can result in command execution with root privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · linux
https://www.exploit-db.com/exploits/47344

This Metasploit module exploits a privilege escalation vulnerability in ktsuss versions 1.4 and prior by leveraging the setuid binary to execute arbitrary commands as root. It uploads a payload to a writable directory and executes it via the vulnerable ktsuss binary.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: ktsuss <= 1.4
No auth needed
Prerequisites: ktsuss binary with setuid bit set · writable directory (e.g., /tmp)
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by John Lightsey, bcoles · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/ktsuss_suid_priv_esc.rb

This Metasploit module exploits a privilege escalation vulnerability in ktsuss versions 1.4 and prior by leveraging the setuid binary to execute arbitrary commands with root privileges. It uploads a payload to a writable directory and executes it via the vulnerable ktsuss binary.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: ktsuss <= 1.4
No auth needed
Prerequisites: ktsuss binary must be setuid root · writable directory (e.g., /tmp)
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.html
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-2921
Broken Link, Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2011-2921

Scores

CVSS v3 9.8
EPSS 0.7298
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-273
Status published
Products (1)
ktsuss_project/ktsuss < 1.4
Published Nov 19, 2019
Tracked Since Feb 18, 2026