GLSA Advocate
Posted: Fri Sep 28, 2012 2:26 am Post subject: [ GLSA 201209-22 ] libgssglue: Privilege escalation
Gentoo Linux Security Advisory
Title: libgssglue: Privilege escalation (GLSA 201209-22)
Severity: high
Exploitable: local
Date: September 28, 2012
Bug(s): #385321
ID: 201209-22
Synopsis
A vulnerability in libgssglue may allow a local attacker to gain
escalated privileges.
Background
libgssglue exports a GSSAPI interface which calls other random GSSAPI
libraries.
Affected Packages
Package: net-libs/libgssglue
Vulnerable: < 0.4
Unaffected: >= 0.4
Architectures: All supported architectures
Description
libgssglue does not securely use getenv() when loading a library for a
setuid application.
Impact
A local attacker could gain escalated privileges.
Workaround
There is no known workaround at this time.
Resolution
All libgssglue users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/libgssglue-0.4"
References
CVE-2011-2709
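The Description above concerns a library that trusts getenv() while running inside a setuid program. The following C sketch is an added example, not code from libgssglue or from this advisory: it shows the unsafe lookup pattern beside a hardened one that ignores the environment whenever real and effective IDs differ. The variable name EXAMPLE_MECH_LIB and the default path are hypothetical placeholders.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names, chosen for illustration only. */
#define MECH_LIB_ENV     "EXAMPLE_MECH_LIB"
#define DEFAULT_MECH_LIB "/usr/lib/libexample_mech.so"

/* Nonzero when the process holds IDs its invoker does not (setuid/setgid). */
int ids_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Unsafe pattern: the invoker-controlled value always wins. */
const char *lib_path_unsafe(const char *env_value)
{
    return (env_value && *env_value) ? env_value : DEFAULT_MECH_LIB;
}

/* Hardened pattern: an elevated process never consults the environment. */
const char *lib_path_safe(int elevated, const char *env_value)
{
    if (elevated)
        return DEFAULT_MECH_LIB;
    return lib_path_unsafe(env_value);
}

/* What a library would call before loading anything by path. */
const char *mech_lib_path(void)
{
    int elevated = ids_elevated(getuid(), geteuid(), getgid(), getegid());
    return lib_path_safe(elevated, getenv(MECH_LIB_ENV));
}

int main(void)
{
    printf("library to load: %s\n", mech_lib_path());
    return 0;
}
```

On glibc 2.17 and later, secure_getenv() performs a comparable check inside the C library and returns NULL when the process was started in secure-execution mode.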