Описание
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-2709
- https://bugzilla.novell.com/show_bug.cgi?id=694598
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082072.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082297.html
- http://lwn.net/Alerts/449415
- http://secunia.com/advisories/45075
- http://secunia.com/advisories/50785
- http://secunia.com/advisories/50973
- http://www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz
- http://www.openwall.com/lists/oss-security/2011/07/21/3
- http://www.openwall.com/lists/oss-security/2011/07/22/4
- http://www.openwall.com/lists/oss-security/2011/08/12/10
- http://www.securityfocus.com/bid/48490
EPSS
CVE ID
Связанные уязвимости
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
libgssapi and libgssglue before 0.4 do not properly check privileges, ...
Уязвимость операционной системы Gentoo Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS