What is CVE-2011-2921?

CVE-2011-2921 is a vulnerability in Ktsuss. Published 2019-11-19.

Is CVE-2011-2921 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ktsuss

CVE-2011-2921

ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.

EPSS: 0.730 (98.8th percentile) — read the EPSS interpretation.

Affected products

Ktsuss — versions 1.4 and prior

Public proof-of-concept exploits

rapid7/metasploit-framework
bcoles/local-exploits

References

packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.html (x_refsource_MISC)
security-tracker.debian.org/tracker/CVE-2011-2921 (x_refsource_MISC)
access.redhat.com/security/cve/cve-2011-2921 (x_refsource_MISC)

Frequently asked questions

What is CVE-2011-2921?: CVE-2011-2921 is a vulnerability in Ktsuss. Published 2019-11-19.
Is CVE-2011-2921 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.