Wind River Support Network

HomeDefectsLIN4-20878
Fixed

LIN4-20878 : Security Advisory - libgssglue - CVE-2011-2709

Created: Apr 18, 2013    Updated: Mar 10, 2016
Resolved Date: Jul 18, 2014
Previous ID: LIN5-8023
Found In Version: 4.3.0.26
Fix Version: 4.3.0.27
Severity: Standard
Applicable for: Wind River Linux 4
Component/s: Userspace

Description

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2709

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online