CVE-2011-2709 - OpenCVE

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:H/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Umich	Libgssapi Libgssglue

Configuration 1 [-]

OR	cpe:2.3:a:umich:libgssglue::::::::
	cpe:2.3:a:umich:libgssglue:0.1:::::::*
	cpe:2.3:a:umich:libgssglue:0.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:umich:libgssapi::::::::
	cpe:2.3:a:umich:libgssapi:0.1:::::::*
	cpe:2.3:a:umich:libgssapi:0.2:::::::*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082072.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082297.html
http://lwn.net/Alerts/449415/
http://secunia.com/advisories/45075	Vendor Advisory
http://secunia.com/advisories/50785
http://secunia.com/advisories/50973
http://www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz	Patch
http://www.openwall.com/lists/oss-security/2011/07/21/3
http://www.openwall.com/lists/oss-security/2011/07/22/4
http://www.openwall.com/lists/oss-security/2011/08/12/10
http://www.securityfocus.com/bid/48490
https://bugzilla.novell.com/show_bug.cgi?id=694598

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-21T15:00:00

Updated: 2013-03-02T10:00:00

Reserved: 2011-07-11T00:00:00

Link: CVE-2011-2709

JSON object: View

NVD Information

Status : Modified

Published: 2012-06-21T15:55:10.347

Modified: 2013-03-02T04:33:00.747

Link: CVE-2011-2709

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-18T00:00:00", "descriptions": [{"lang": "en", "value": "libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-03-02T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110721 CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/07/21/3"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=694598"}, {"name": "FEDORA-2012-7971", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082297.html"}, {"name": "45075", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45075"}, {"name": "48490", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48490"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz"}, {"name": "[oss-security] 20110722 Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/07/22/4"}, {"name": "FEDORA-2012-8067", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082072.html"}, {"name": "[oss-security] 20110812 Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/08/12/10"}, {"name": "50785", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50785"}, {"name": "50973", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50973"}, {"name": "SUSE-SU-2011:0696", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lwn.net/Alerts/449415/"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2709", "datePublished": "2012-06-21T15:00:00", "dateReserved": "2011-07-11T00:00:00", "dateUpdated": "2013-03-02T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:umich:libgssglue:*:*:*:*:*:*:*:*", "matchCriteriaId": "A99E8102-9FD5-4E76-AFFE-F288A39E69EA", "versionEndIncluding": "0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:umich:libgssglue:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6BF044B-AEAE-466E-85F4-56189E1D20BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:umich:libgssglue:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "00C99322-444D-4DE0-BE28-A19A27490B79", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:umich:libgssapi:*:*:*:*:*:*:*:*", "matchCriteriaId": "64EEA101-71A3-4A16-87B6-F9E7D8B1BD21", "versionEndIncluding": "0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:umich:libgssapi:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7159CB27-5C35-4774-9815-8CF32DB4B11F", "vulnerable": true}, {"criteria": "cpe:2.3:a:umich:libgssapi:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA127D0D-7031-45E9-A513-CCF435C424FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs."}, {"lang": "es", "value": "libgssapi y libgssglue antes de v0.4 no comprueba correctamente los privilegios, lo que permite cargar archivos de configuraci\u00f3n no confiables a usuarios locales y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de la variable de entorno GSSAPI_MECH_CONF, como se ha demostrado utilizando mount.nfs."}], "id": "CVE-2011-2709", "lastModified": "2013-03-02T04:33:00.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-21T15:55:10.347", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082072.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082297.html"}, {"source": "secalert@redhat.com", "url": "http://lwn.net/Alerts/449415/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45075"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50785"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50973"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/07/21/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/07/22/4"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/12/10"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48490"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.novell.com/show_bug.cgi?id=694598"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}