RHEL 6 : libgssapi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their...

Mandriva Linux Security Advisory : libgssglue (MDVSA-2013:043)

This update fixes insecure getenv usage in libgssglue, which could be used under some circumstances by local attackers do gain root privileges CVE-2011-2709. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandriva...

[ MDVSA-2013:043 ] libgssglue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:043 http://www.mandriva.com/en/support/security/ Package : libgssglue Date : April 5, 2013 Affected: Business Server 1.0 Problem Description: This update fixes insecure getenv usage in libgssglue, which coul...

Ubuntu Update for libgssglue USN-1612-1

Ubuntu Update for Linux kernel vulnerabilities USN-1612-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16121.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for libgssglue USN-1612-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net...

Ubuntu: Security Advisory (USN-1612-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for libgssglue FEDORA-2012-7971

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...

CVE-2011-2709

CVE-2011-2709 affects libgssapi and libgssglue prior to 0.4, enabling a local user to load untrusted configuration files via the GSSAPI_MECH_CONF environment variable (demonstrated with mount.nfs). Connected advisories confirm vendor-provided patches exist (Ubuntu USN-1612-1; Mandriva MDVSA-2013:...

CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...

Fedora 17 : libgssglue-0.4-0.fc17 (2012-7971)

Fix for CVE-2011-2709 Patch from Marcus Meissner Note: Although https://bugzilla.novell.com/showbug.cgi?id=694598 mentions mount.nfs, libgssglue is not used by mount.nfs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...

Fedora Update for libgssglue FEDORA-2012-8067

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora 16 : libgssglue-0.4-0.fc16 (2012-8067)

Fix for CVE-2011-2709 Patch from Marcus Meissner Note: Although https://bugzilla.novell.com/showbug.cgi?id=694598 mentions mount.nfs, libgssglue is not used by mount.nfs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...