PRIOn knowledge basePRION:CVE-2011-2709Code injection
7.5 High
AI Score
Confidence
Low
6.2 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.4%
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libgssapi | eq | 0.2 | |
| libgssapi | le | 0.3 | |
| libgssapi | eq | 0.1 | |
| libgssglue | le | 0.3 | |
| libgssglue | eq | 0.1 | |
| libgssglue | eq | 0.2 |
References
lwn.net/Alerts/449415/
secunia.com/advisories/45075
secunia.com/advisories/50785
secunia.com/advisories/50973
www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz
www.openwall.com/lists/oss-security/2011/07/21/3
www.openwall.com/lists/oss-security/2011/07/22/4
www.openwall.com/lists/oss-security/2011/08/12/10
www.securityfocus.com/bid/48490
bugzilla.novell.com/show_bug.cgi?id=694598
lists.fedoraproject.org/pipermail/package-announce/2012-June/082072.html
lists.fedoraproject.org/pipermail/package-announce/2012-June/082297.html
Related
7.5 High
AI Score
Confidence
Low
6.2 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.4%