Nessus Plugin #14725
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
[GLSA-200409-17] SUS: Local root vulnerability
- Family: Gentoo Local Security Checks
- Category: infos
- Copyright: (C) 2004 Michel Arboi
- Summary: SUS: Local root vulnerability
- Version: $Revision: 1.2 $
- Cve_id: -
- Bugtraq_id: 11176
- Xrefs: GLSA:200409-17
- Description:
The remote host is affected by the vulnerability described in GLSA-200409-17 (SUS: Local root vulnerability)
Leon Juranic found a bug in the logging functionality of SUS that can lead
to local privilege escalation. A format string vulnerability exists in the
log() function due to an incorrect call to the syslog() function.
Impact
An attacker with local user privileges can potentially exploit this
vulnerability to gain root access.
Workaround
There is no known workaround at this time.
References:
http://pdg.uow.edu.au/sus/CHANGES
http://www.securityfocus.com/archive/1/375109/2004-09-11/2004-09-17/0
Solution:
All SUS users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-admin/sus-2.0.2-r1"
# emerge ">=app-admin/sus-2.0.2-r1"
Risk factor : High
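The description attributes the bug to log() calling syslog() incorrectly. The C sketch below is an added example, not SUS source code: it shows the usual form of that mistake beside the corrected call, using hypothetical names (fake_syslog, log_flawed, log_fixed) and a stand-in for syslog(3) so the formatted result can be inspected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Stand-in for syslog(3) (assumption for this example): formats
 * (fmt, ...) like printf and keeps the result in last_line. */
static char last_line[256];

static void fake_syslog(int priority, const char *fmt, ...)
{
    va_list ap;
    (void)priority;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: the finished message is handed over as the format
 * string, so every '%' that arrived in caller data is parsed again. */
const char *log_flawed(const char *fmt, ...)
{
    char buf[128];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    fake_syslog(LOG_INFO, buf);        /* real code: syslog(pri, buf) */
    return last_line;
}

/* Corrected pattern: constant format, message passed only as data. */
const char *log_fixed(const char *fmt, ...)
{
    char buf[128];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    fake_syslog(LOG_INFO, "%s", buf);  /* real code: syslog(pri, "%s", buf) */
    return last_line;
}

int main(void)
{
    /* Constructed input: "%%" is the one conversion that takes no argument. */
    puts(log_flawed("cmd: %s", "run 100%% of jobs"));
    puts(log_fixed("cmd: %s", "run 100%% of jobs"));
    return 0;
}
```

The flawed variant collapses "%%" to "%", which shows that user-supplied text is being interpreted as a format; the fixed variant logs the text unchanged. Building with -Wformat -Wformat-security flags the real syslog(priority, buf) form at compile time.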
Generated on 27.04.2005 at 18:49:54.