MidnightBSD

Advisories for umich

CVE-2011-2709 MEDIUM

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
umich libgssapi 0.2
umich libgssglue 0.1
umich libgssapi *
umich libgssapi 0.1
umich libgssglue *
umich libgssglue 0.2