super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
Exploitability Analysis: Local
A vulnerability exploitable with only local access requires the attacker to have either
physical access to the vulnerable system or a local (shell) account. Examples of locally
exploitable vulnerabilities are peripheral attacks such as Firewire/USB DMA attacks, and
local privilege escalations (e.g., sudo).
Exploitability Complexity: Low
Specialized access conditions or extenuating circumstances do not exist. The following are examples:
The affected product typically requires access to a wide range of systems and users, possibly anonymous an untrusted (e.g., Internet-facing web or mail server).
The affected configuration is default or ubiquitous. The attack can be performed manually and requires little skill or additional information gathering.
The 'race condition' is a lazy one (i.e., it is technically a race but easily winnable).
Authentication is not required to access and exploit the vulnerability.
Confidentiality Impact: Complete
There is total information disclosure, resulting in all system files being revealed. The
attacker is able to read all of the system's data (memory, files, etc.).
Integrity Impact: Complete
There is a total compromise of system integrity. There is a complete loss of system
protection, resulting in the entire system being compromised. The attacker is able to
modify any files on the target system.
Availability Impact: Complete
There is a total shutdown of the affected resource. The attacker can render the
resource completely unavailable.