CVE-2011-2921

CRITICAL

ktsuss suid Privilege Escalation

Title source: metasploit

Description

ktsuss versions 1.4 and prior have the uid set to root and do not drop privileges prior to executing user-specified commands, which can result in command execution with root privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · linux
https://www.exploit-db.com/exploits/47344
metasploit WORKING POC EXCELLENT
by John Lightsey, bcoles · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/ktsuss_suid_priv_esc.rb

Scores

CVSS v3 9.8
EPSS 0.7298
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-273
Status published
Products (1)
ktsuss_project/ktsuss < 1.4
Published Nov 19, 2019
Tracked Since Feb 18, 2026