AI Score: 6.8 Medium (Confidence: Low)
CVSS2: 6.2 Medium
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS: 0.0004 Low (Percentile: 5.2%)
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
lists.fedoraproject.org/pipermail/package-announce/2012-June/082072.html
lists.fedoraproject.org/pipermail/package-announce/2012-June/082297.html
lwn.net/Alerts/449415/
secunia.com/advisories/45075
secunia.com/advisories/50785
secunia.com/advisories/50973
www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz
www.openwall.com/lists/oss-security/2011/07/21/3
www.openwall.com/lists/oss-security/2011/07/22/4
www.openwall.com/lists/oss-security/2011/08/12/10
www.securityfocus.com/bid/48490
bugzilla.novell.com/show_bug.cgi?id=694598