CVE-2011-2709

Priority
Medium
Description
libgssapi and libgssglue before 0.4 do not properly check privileges, which
allows local users to load untrusted configuration files and execute
arbitrary code via the GSSAPI_MECH_CONF environment variable, as
demonstrated using mount.nfs.
References
Bugs
Assigned-to
tyhicks
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (0.3-4ubuntu0.1)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:39:49 UTC (commit 9756)