CVE-2011-2709
21.06.2012, 15:55
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.Enginsight
| Vendor | Product | Version |
|---|---|---|
| umich | libgssglue | 𝑥 ≤ 0.3 |
| umich | libgssglue | 0.1 |
| umich | libgssglue | 0.2 |
| umich | libgssapi | 𝑥 ≤ 0.3 |
| umich | libgssapi | 0.1 |
| umich | libgssapi | 0.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References