
SUS: Local root vulnerability


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200409-17 / SUS
Release Date: September 14, 2004
Latest Revision: May 22, 2006: 02
Impact: high
Exploitable: local

Package: app-admin/sus
Vulnerable versions: < 2.0.2-r1
Unaffected versions: >= 2.0.2-r1
Architecture(s): All supported architectures

Related bugreports: #63927


SUS contains a format string bug that could lead to local privilege escalation.

2.  Impact Information


SUS is a utility that allows regular users to execute certain commands as root.


Leon Juranic found a bug in the logging functionality of SUS that can lead to local privilege escalation. A format string vulnerability exists in the log() function due to an incorrect call to the syslog() function.


An attacker with local user privileges can potentially exploit this vulnerability to gain root access.
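
The class of bug described above, shown as an added illustration that is not SUS source code: a logging helper that passes caller-influenced text to syslog() as the format argument, beside the corrected call that uses a constant format. All function names and the sample input are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helpers for illustration; names are not taken from SUS. */

/* Build the log entry. Untrusted text (user, cmd) is only ever passed as an
 * argument to a constant format, so specifiers inside it stay literal.
 * Returns the entry length, or -1 if it would not fit in 'out'. */
int build_entry(char *out, size_t outsz, const char *user, const char *cmd)
{
    int n = snprintf(out, outsz, "user=%s cmd=%s", user, cmd);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

#ifdef SHOW_VULNERABLE_FORM   /* contrast only; not compiled by default */
void write_entry_vulnerable(const char *entry)
{
    /* The entry itself is the format argument: any '%' conversions in
     * user-influenced text are interpreted by syslog(). */
    syslog(LOG_NOTICE, entry);
}
#endif

/* Corrected form: constant format string, entry passed as data. */
int write_entry(const char *user, const char *cmd)
{
    char entry[256];

    if (build_entry(entry, sizeof entry, user, cmd) < 0)
        return -1;                      /* refuse to log a truncated entry */
    syslog(LOG_NOTICE, "%s", entry);
    return 0;
}

int main(void)
{
    char entry[256];
    const char *cmd = "%x%x%s";         /* constructed sample input */

    if (build_entry(entry, sizeof entry, "alice", cmd) > 0)
        puts(entry);                    /* specifiers appear verbatim */
    return write_entry("alice", cmd);
}
```

Building with `-DSHOW_VULNERABLE_FORM -Wformat -Wformat-security` makes gcc report the non-literal format argument in the vulnerable helper, which is a cheap way to catch this pattern in review or CI.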

3.  Resolution Information


There is no known workaround at this time.


All SUS users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge sync

# emerge -pv ">=app-admin/sus-2.0.2-r1"
# emerge ">=app-admin/sus-2.0.2-r1"

4.  References


Page updated September 14, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team