From the note at $URL:
> I reported these bugs privately to the Debian security team and the
> > upstream author some time ago, but it does not appear that any CVE was
> > created as a result.
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626178
> > The 1.3 and 1.4 versions of ktsuss which include a setuid ktsuss binary
> > suffered from two separate security bugs which can be used for local root
> > exploits.
> > The "1.314" version which does not include a setuid ktsuss binary and
> > uses "su" for privilege escalation does not suffer from these problems.
> > 1) When the target UID is the same as the real UID ktsuss skips
> > authentication. Under these circumstances, ktsuss fails to change the
> > effective UID back to the real UID. (line 118 of src/ktsuss.c in version
> > 1.3.)
> > $ ktsuss -u `whoami` whoami
> > root
Use CVE-2011-2921 for the above issue.
> > 2) The setuid ktsuss binary executes a GTK interface subprocess to prompt
> > for username and password. This GTK interface runs as root and allows
> > arbitrary code execution via the GTK_MODULES environmental variable.
Use CVE-2011-2922 for this issue.
I don't know how to fix it, Debian removed the package, upstream seems dead.
Time to last-rite:
25 Sep 2011; Thomas Kahle <firstname.lastname@example.org> package.mask:
Mask x11-misc/ktsuss for removal (security bug 381115)
Thanks for the report.
Package masked. GLSA request filed.
This issue was resolved and addressed in
GLSA 201201-15 at http://security.gentoo.org/glsa/glsa-201201-15.xml
by GLSA coordinator Sean Amoss (ackle).