Privilege Escalation via Untrusted Configuration File Loading in libgssapi and libgssglue
CVE-2011-2709 · MEDIUM Severity
AV:L/AC:H/AU:N/C:C/I:C/A:C
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
Learn more about our Api Penetration Testing.