CVE-2011-2709
Published Jun 21, 2012
Last updated 12 years ago
Overview
- Description
- libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.2
- Impact score
- 10
- Exploitability score
- 1.9
- Vector string
- AV:L/AC:H/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:umich:libgssglue:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A99E8102-9FD5-4E76-AFFE-F288A39E69EA",
"versionEndIncluding": "0.3"
},
{
"criteria": "cpe:2.3:a:umich:libgssglue:0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6BF044B-AEAE-466E-85F4-56189E1D20BF"
},
{
"criteria": "cpe:2.3:a:umich:libgssglue:0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00C99322-444D-4DE0-BE28-A19A27490B79"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:umich:libgssapi:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64EEA101-71A3-4A16-87B6-F9E7D8B1BD21",
"versionEndIncluding": "0.3"
},
{
"criteria": "cpe:2.3:a:umich:libgssapi:0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7159CB27-5C35-4774-9815-8CF32DB4B11F"
},
{
"criteria": "cpe:2.3:a:umich:libgssapi:0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA127D0D-7031-45E9-A513-CCF435C424FA"
}
],
"operator": "OR"
}
]
}
]