CVE-2011-2709

Priority
Medium
Description
libgssapi and libgssglue before 0.4 do not properly check privileges, which
allows local users to load untrusted configuration files and execute
arbitrary code via the GSSAPI_MECH_CONF environment variable, as
demonstrated using mount.nfs.
References
Bugs
Assigned-to
tyhicks
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (0.4-2)
More Information

Updated: 2017-12-15 20:29:25 UTC (commit 13913)