CVE-2011-2709
PUBLISHED
CVSS 6.2 MEDIUM
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
EPSS 0.12% · 30.2th percentile
Risk Scores
CVSS 2.0
6.2
EPSS Score
0.12%
30.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| umich | libgssglue | 0.1, 0.2, 0 |
| umich | libgssapi | 0, 0.2, 0.1 |
Exploit Intelligence
- [oss-security] 20110721 CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization (circl)
- https://bugzilla.novell.com/show_bug.cgi?id=694598 (circl)
- FEDORA-2012-7971 (circl)
- 45075 (circl)
- 48490 (circl)
- http://www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz (circl)
- [oss-security] 20110722 Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization (circl)
- FEDORA-2012-8067 (circl)
- [oss-security] 20110812 Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization (circl)
- 50785 (circl)
Timeline
- Jun 21, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- [oss-security] 20110721 CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization mailing-list
- https://bugzilla.novell.com/show_bug.cgi?id=694598 url
- FEDORA-2012-7971 vendor-advisory
- 45075 third-party-advisory
- 48490 vdb
- http://www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz url
- [oss-security] 20110722 Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization mailing-list
- FEDORA-2012-8067 vendor-advisory
- [oss-security] 20110812 Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization mailing-list
- 50785 third-party-advisory
- 50973 third-party-advisory
- SUSE-SU-2011:0696 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2011-2709 advisory
- http://lwn.net/Alerts/449415 url