Upstream information

CVE-2011-2709 at MITRE

Description

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores

National Vulnerability Database
  • Base Score: 6.2
  • Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
  • Access Vector: Local
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

SUSE Bugzilla entry: 694598 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) | Fixed package version(s) | References
SUSE Linux Enterprise Desktop 12 SP1
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libgssglue1-0.4-3.83
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libgssglue-devel-0.4-3.83
SUSE Linux Enterprise Desktop 12 SP2
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libgssglue1-0.4-3.83
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Desktop 12 SP3
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libgssglue1-0.4-3.83
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Desktop 12 SP4
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Desktop 12 SP4 GA libgssglue1-0.4-3.83
SUSE Linux Enterprise Software Development Kit 12 SP4 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Desktop 12
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libgssglue1-0.4-3.83
SUSE Linux Enterprise Software Development Kit 12 GA libgssglue-devel-0.4-3.83
SUSE Linux Enterprise High Performance Computing 12 SP5
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise High Performance Computing 12 SP5 GA libgssglue1-0.4-3.76
SUSE Linux Enterprise Server 12 SP1
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libgssglue1-0.4-3.83
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libgssglue-devel-0.4-3.83
SUSE Linux Enterprise Server 12 SP2
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libgssglue1-0.4-3.76
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Server 12 SP3
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libgssglue1-0.4-3.76
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Server 12 SP4
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Server 12 SP4 GA libgssglue1-0.4-3.76
SUSE Linux Enterprise Software Development Kit 12 SP4 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Server 12 SP5
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Server 12 SP5 GA libgssglue1-0.4-3.76
SUSE Linux Enterprise Software Development Kit 12 SP5 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Server 12
  • libgssglue-devel >= 0.4-3.83
  • libgssglue1 >= 0.4-3.83
  • libgssglue1-32bit >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Server 12 GA libgssglue1-0.4-3.76
SUSE Linux Enterprise Software Development Kit 12 GA libgssglue-devel-0.4-3.83
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libgssglue1 >= 0.4-3.76
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libgssglue1-0.4-3.76
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libgssglue-devel >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libgssglue-devel-0.4-3.83
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libgssglue-devel >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libgssglue-devel >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP4
  • libgssglue-devel >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP4 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
  • libgssglue-devel >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP5 GA libgssglue-devel-0.4-3.76
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
  • libgssglue-devel >= 0.4-3.83
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libgssglue-devel-0.4-3.83
openSUSE Tumbleweed
  • libgssglue-devel >= 0.4-5.10
  • libgssglue1 >= 0.4-5.10
  • libgssglue1-32bit >= 0.4-5.10
Patchnames:
openSUSE Tumbleweed GA libgssglue-devel-0.4-5.10


SUSE Timeline for this CVE

CVE page created: Tue Jul 9 19:12:55 2013
CVE page last modified: Mon Dec 12 17:42:40 2022