SUS Format String Vulnerability...

Published: 2004-09-14
Revised: 2025-04-13

It is reported that SUS contains a format string vulnerability in its logging function. The issue is due to the application's failure to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. Because the message is not sanitized, any format string specifiers it contains are interpreted by the syslog() function instead of being logged as plain text, giving the attacker control over process memory. Due to the nature of the SUS package, an attacker with local interactive access could exploit this vulnerability to gain superuser privileges. SUS versions prior to 2.0.6 are reported vulnerable.
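The class of bug described above and its standard fix, as an added example; this is not SUS source code (the page shows none), and the names `render_log_line` and `log_user_event`, the line layout and the sample input are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
/* Vulnerable pattern the description names (kept as a comment only):
 *     syslog(LOG_NOTICE, user_msg);    user_msg is used as the format
 * Hardened pattern below: the format is always a constant string and
 * untrusted text is passed only as an argument to "%s". */

/* Hypothetical helper. The format attribute makes GCC/Clang type-check
 * call sites and warn on non-literal formats (-Wformat-security). */
__attribute__((format(printf, 3, 4)))
static int render_log_line(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (out == NULL || outlen == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    if (n < 0) { out[0] = '\0'; return -1; }
    /* vsnprintf reports the untruncated length; return what was stored. */
    return (size_t)n >= outlen ? (int)(outlen - 1) : n;
}

/* Logs one event; also copies the rendered line to `copy` so callers
 * (and tests) can inspect exactly what reached syslog(). */
static int log_user_event(const char *user, const char *user_msg,
                          char *copy, size_t copylen)
{
    char line[256];
    int n = render_log_line(line, sizeof line, "user=%s msg=%s", user, user_msg);
    if (n < 0)
        return -1;
    syslog(LOG_NOTICE, "%s", line);          /* constant format string */
    if (copy != NULL && copylen > 0)
        snprintf(copy, copylen, "%s", line);
    return n;
}

int main(void)
{
    char seen[256];
    log_user_event("alice", "%x.%x.%s", seen, sizeof seen); /* constructed input */
    puts(seen);
    return 0;
}
```

With the constant format, directives in the untrusted message reach the log as ordinary characters.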

No exploit or PoC is currently available.
There are currently 0 affected product entries.