CVE-2011-2709
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2011-2709
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-2709.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2011-2709
- Related
- Published
- 2012-06-21T15:55:10Z
- Modified
- 2024-06-30T12:01:22Z
- Summary
- [none]
- Details
-
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs.
- References
-
- http://secunia.com/advisories/45075
- http://secunia.com/advisories/50785
- http://secunia.com/advisories/50973
- http://www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz
- https://bugzilla.novell.com/show_bug.cgi?id=694598
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082072.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082297.html
- http://lwn.net/Alerts/449415/
- http://www.openwall.com/lists/oss-security/2011/07/21/3
- http://www.openwall.com/lists/oss-security/2011/07/22/4
- http://www.openwall.com/lists/oss-security/2011/08/12/10
- http://www.securityfocus.com/bid/48490
- https://security-tracker.debian.org/tracker/CVE-2011-2709
Affected packages
Debian:11 / libgssglue
Package
- Name
- libgssglue
- Purl
- pkg:deb/debian/libgssglue?arch=source
Debian:12 / libgssglue
Package
- Name
- libgssglue
- Purl
- pkg:deb/debian/libgssglue?arch=source
Debian:13 / libgssglue
Package
- Name
- libgssglue
- Purl
- pkg:deb/debian/libgssglue?arch=source