libgssapi and libgssglue before 0.4 do not properly check privileges, which
allows local users to load untrusted configuration files and execute
arbitrary code via the GSSAPI_MECH_CONF environment variable, as
demonstrated using mount.nfs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | libgssglue | < 0.1-4ubuntu0.1 | UNKNOWN |
ubuntu | 11.04 | noarch | libgssglue | < 0.1-4ubuntu1.1 | UNKNOWN |
ubuntu | 11.10 | noarch | libgssglue | < 0.3-1ubuntu1.1 | UNKNOWN |
ubuntu | 12.04 | noarch | libgssglue | < 0.3-4ubuntu0.1 | UNKNOWN |