CVE-2011-2709

Name of the Vulnerable Software and Affected Versions libgssglue versions prior to 0.4 libgssapi versions prior to 0.4

Description The issue concerns a problem with privilege checking in libgssapi and libgssglue, which can be exploited locally. This can lead to the execution of arbitrary code via the GSSAPI MECH CONF environment variable. For example, this can be demonstrated using mount.nfs. The exploitation of this issue may result in a breach of confidentiality, integrity, and availability of protected information.

Recommendations For libgssglue versions prior to 0.4, update to version 0.4 or later to resolve the issue. For libgssapi versions prior to 0.4, update to version 0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the GSSAPI MECH CONF environment variable to minimize the risk of exploitation.