CVE-2011-2709

Priority
Medium
Description
libgssapi and libgssglue before 0.4 do not properly check privileges, which
allows local users to load untrusted configuration files and execute
arbitrary code via the GSSAPI_MECH_CONF environment variable, as
demonstrated using mount.nfs.
References
Bugs
Assigned-to
tyhicks
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): released (0.1-4ubuntu0.1)
Ubuntu 11.04 (Natty Narwhal): released (0.1-4ubuntu1.1)
Ubuntu 11.10 (Oneiric Ocelot): released (0.3-1ubuntu1.1)
Ubuntu 12.04 LTS (Precise Pangolin): released (0.3-4ubuntu0.1)
Ubuntu 12.10 (Quantal Quetzal): not-affected (0.4-2)
More Information

Updated: 2012-10-15 18:14:25 UTC (commit 5923)