Upstream information
Description
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 6.2 |
Vector | AV:L/AC:H/Au:N/C:C/I:C/A:C |
Access Vector | Local |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 12 SP1 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA libgssglue1-0.4-3.83 SUSE Linux Enterprise Software Development Kit 12 SP1 GA libgssglue-devel-0.4-3.83 |
SUSE Linux Enterprise Desktop 12 SP2 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA libgssglue1-0.4-3.83 SUSE Linux Enterprise Software Development Kit 12 SP2 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Desktop 12 SP3 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP3 GA libgssglue1-0.4-3.83 SUSE Linux Enterprise Software Development Kit 12 SP3 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Desktop 12 SP4 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP4 GA libgssglue1-0.4-3.83 SUSE Linux Enterprise Software Development Kit 12 SP4 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Desktop 12 |
| Patchnames: SUSE Linux Enterprise Desktop 12 GA libgssglue1-0.4-3.83 SUSE Linux Enterprise Software Development Kit 12 GA libgssglue-devel-0.4-3.83 |
SUSE Linux Enterprise High Performance Computing 12 SP5 |
| Patchnames: SUSE Linux Enterprise High Performance Computing 12 SP5 GA libgssglue1-0.4-3.76 |
SUSE Linux Enterprise Server 12 SP1 |
| Patchnames: SUSE Linux Enterprise Server 12 SP1 GA libgssglue1-0.4-3.83 SUSE Linux Enterprise Software Development Kit 12 SP1 GA libgssglue-devel-0.4-3.83 |
SUSE Linux Enterprise Server 12 SP2 |
| Patchnames: SUSE Linux Enterprise Server 12 SP2 GA libgssglue1-0.4-3.76 SUSE Linux Enterprise Software Development Kit 12 SP2 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Server 12 SP3 |
| Patchnames: SUSE Linux Enterprise Server 12 SP3 GA libgssglue1-0.4-3.76 SUSE Linux Enterprise Software Development Kit 12 SP3 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Server 12 SP4 |
| Patchnames: SUSE Linux Enterprise Server 12 SP4 GA libgssglue1-0.4-3.76 SUSE Linux Enterprise Software Development Kit 12 SP4 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Server 12 SP5 |
| Patchnames: SUSE Linux Enterprise Server 12 SP5 GA libgssglue1-0.4-3.76 SUSE Linux Enterprise Software Development Kit 12 SP5 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Server 12 |
| Patchnames: SUSE Linux Enterprise Server 12 GA libgssglue1-0.4-3.76 SUSE Linux Enterprise Software Development Kit 12 GA libgssglue-devel-0.4-3.83 |
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 |
| Patchnames: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libgssglue1-0.4-3.76 |
SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA libgssglue-devel-0.4-3.83 |
SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP2 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP3 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP4 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP5 GA libgssglue-devel-0.4-3.76 |
SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 GA libgssglue-devel-0.4-3.83 |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA libgssglue-devel-0.4-5.10 |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 19:12:55 2013CVE page last modified: Mon Dec 12 17:42:40 2022