RSS   Vulnerabilities for 'Libgssglue'   RSS

2012-06-21
 
CVE-2011-2709

CWE-264
 

 
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.

 

 >>> Vendor: Umich 2 Products
Libgssapi
Libgssglue


Copyright 2019, cxsecurity.com

 

Back to Top