Privilege Escalation via Untrusted Configuration File Loading in libgssapi and libgssglue

CVE-2011-2709 · MEDIUM Severity

CVSS vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.
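
The privilege check whose absence is described above, sketched in C as an added example; it is not code from libgssapi or libgssglue. The function names and the default path are hypothetical placeholders, and the uid/gid values in `main` are constructed samples.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder default path (assumption, not taken from the library). */
#define DEFAULT_MECH_CONF "/etc/EXAMPLE_mech.conf"

/* True when the process runs with more privilege than its invoker,
 * e.g. a setuid-root helper such as mount.nfs started by a local user. */
static int runs_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Pure decision function: which mechanism config file should be loaded?
 * env_value is the invoker-controlled GSSAPI_MECH_CONF value (may be NULL). */
const char *choose_mech_conf(const char *env_value,
                             uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (env_value == NULL || env_value[0] == '\0')
        return DEFAULT_MECH_CONF;
    if (runs_elevated(ruid, euid, rgid, egid))
        return DEFAULT_MECH_CONF;   /* ignore the untrusted override */
    return env_value;
}

/* Wrapper a library would call. On glibc, secure_getenv() applies a
 * similar rule and also covers file capabilities. */
const char *mech_conf_path(void)
{
    return choose_mech_conf(getenv("GSSAPI_MECH_CONF"),
                            getuid(), geteuid(), getgid(), getegid());
}

int main(void)
{
    /* Constructed sample: invoker uid 1000, effective uid 0 (setuid root). */
    printf("setuid helper : %s\n",
           choose_mech_conf("/tmp/user.conf", 1000, 0, 1000, 1000));
    printf("plain process : %s\n",
           choose_mech_conf("/tmp/user.conf", 1000, 1000, 1000, 1000));
    printf("this process  : %s\n", mech_conf_path());
    return 0;
}
```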
