OPENSUSE-SU-2024:10085-1 libgssglue-devel-0.4-5.10 on GA media

These are all security issues fixed in the libgssglue-devel-0.4-5.10 package on the GA media of openSUSE Tumbleweed...

RHEL 6 : libgssapi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their...

Mandriva Linux Security Advisory : libgssglue (MDVSA-2013:043)

This update fixes insecure getenv usage in libgssglue, which could be used under some circumstances by local attackers do gain root privileges CVE-2011-2709. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandriva...

[ MDVSA-2013:043 ] libgssglue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:043 http://www.mandriva.com/en/support/security/ Package : libgssglue Date : April 5, 2013 Affected: Business Server 1.0 Problem Description: This update fixes insecure getenv usage in libgssglue, which coul...

Ubuntu Update for libgssglue USN-1612-1

Ubuntu Update for Linux kernel vulnerabilities USN-1612-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16121.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for libgssglue USN-1612-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net...

Ubuntu: Security Advisory (USN-1612-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libgssglue vulnerability (USN-1612-1)

It was discovered that libgssglue incorrectly handled the GSSAPIMECHCONF environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. CVE-2011-2709. Note that Tenable Network Security has extracted the preceding description block directly fro...

USN-1612-1: libgssglue vulnerability

It was discovered that libgssglue incorrectly handled the GSSAPIMECHCONF environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. CVE-2011-2709...

Gentoo Security Advisory GLSA 201209-22 (libgssglue)

The remote host is missing updates announced in advisory GLSA 201209-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 201209-22 (libgssglue)

The remote host is missing updates announced in advisory GLSA 201209-22. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

GLSA-201209-22 : libgssglue: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201209-22 libgssglue: Privilege escalation libgssglue does not securely use getenv when loading a library for a setuid application. Impact : A local attacker could gain escalated privileges. Workaround : There is no known workarou...

libgssglue: Privilege escalation

Background libgssglue exports a GSSAPI interface which calls other random GSSAPI libraries. Description libgssglue does not securely use getenv when loading a library for a setuid application. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this...

Fedora Update for libgssglue FEDORA-2012-7971

Check for the Version of libgssglue OpenVAS Vulnerability Test Fedora Update for libgssglue FEDORA-2012-7971 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Fedora Update for libgssglue FEDORA-2012-7971

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...

DEBIAN-CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...

Code injection

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...

CVE-2011-2709

CVE-2011-2709 affects libgssapi and libgssglue prior to 0.4, enabling a local user to load untrusted configuration files via the GSSAPI_MECH_CONF environment variable (demonstrated with mount.nfs). Connected advisories confirm vendor-provided patches exist (Ubuntu USN-1612-1; Mandriva MDVSA-2013:...

CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...

CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...