Unrated severityNVD Advisory· Published Jun 21, 2012· Updated Apr 29, 2026
CVE-2011-2709
CVE-2011-2709
Description
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
Affected products
6cpe:2.3:a:umich:libgssglue:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:umich:libgssglue:*:*:*:*:*:*:*:*range: <=0.3
- cpe:2.3:a:umich:libgssglue:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:umich:libgssglue:0.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gznvdPatch
- secunia.com/advisories/45075nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2012-June/082072.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2012-June/082297.htmlnvd
- lwn.net/Alerts/449415/nvd
- secunia.com/advisories/50785nvd
- secunia.com/advisories/50973nvd
- www.openwall.com/lists/oss-security/2011/07/21/3nvd
- www.openwall.com/lists/oss-security/2011/07/22/4nvd
- www.openwall.com/lists/oss-security/2011/08/12/10nvd
- www.securityfocus.com/bid/48490nvd
- bugzilla.novell.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.