CVE-2011-2709
Published: 21 June 2012
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
Priority
Status
Package | Release | Status |
---|---|---|
libgssglue Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(0.1-4ubuntu0.1)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Released
(0.1-4ubuntu1.1)
|
|
oneiric |
Released
(0.3-1ubuntu1.1)
|
|
precise |
Released
(0.3-4ubuntu0.1)
|
|
upstream |
Needs triage
|