CVE-2011-2709
Published: 21 June 2012
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
Priority
Status
Package | Release | Status |
---|---|---|
libgssglue Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|