GoogleOSV:DSA-522super - format string vulnerability
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Max Vozeler discovered a format string vulnerability in super, a
program to allow specified users to execute commands with root
privileges. This vulnerability could potentially be exploited by a
local user to execute arbitrary code with root privileges.
For the current stable distribution (woody), this problem has been
fixed in version 3.16.1-1.2.
For the unstable distribution (sid), this problem has been fixed
in version 3.23.0-1.
We recommend that you update your super package.
References
Related
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C