Showing 1 - 3 of 3

CVE-2011-2709

Status Candidate

Overview

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.

Related Files

Mandriva Linux Security Advisory 2013-043: Posted Apr 5, 2013; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2013-043 - This update fixes insecure getenv() usage in libgssglue, which could be used under some circumstances by local attackers do gain root privileges.; tags | advisory, local, root; systems | linux, mandriva; advisories | CVE-2011-2709; SHA-256 | 1fcd91ea96726db4478cf13582052b7ca9ca576e1909135d44bd7e922de538a2; Download | Favorite | View

Ubuntu Security Notice USN-1612-1: Posted Oct 15, 2012; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1612-1 - It was discovered that libgssglue incorrectly handled the GSSAPI_MECH_CONF environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges.; tags | advisory, local, root; systems | linux, ubuntu; advisories | CVE-2011-2709, CVE-2011-2709; SHA-256 | 804e32cd01efd4b890bc3ce0fbb694f2f977a6f2c88b4518b52a6b8342278849; Download | Favorite | View

Gentoo Linux Security Advisory 201209-22: Posted Sep 28, 2012; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201209-22 - A vulnerability in libgssglue may allow a local attacker to gain escalated privileges. Versions less than 0.4 are affected.; tags | advisory, local; systems | linux, gentoo; advisories | CVE-2011-2709; SHA-256 | 0d3d0000d184d912cc4e1048613d398e249e31801e65d26a33f4721fa15ec5fd; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2011-2709

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems