CVE-2011-2709
CVE-2011-2709 affects libgssapi and libgssglue prior to 0.4, enabling a local user to load untrusted configuration files via the GSSAPI_MECH_CONF environment variable (demonstrated with mount.nfs). Connected advisories confirm vendor-provided patches exist (Ubuntu USN-1612-1; Mandriva MDVSA-2013:...