A vulnerability in libgssglue may allow a local attacker to gain escalated privileges.
Package | net-libs/libgssglue on all architectures |
---|---|
Affected versions | < 0.4 |
Unaffected versions | >= 0.4 |
libgssglue exports a GSSAPI interface which calls other random GSSAPI libraries.
libgssglue does not securely use getenv() when loading a library for a setuid application.
A local attacker could gain escalated privileges.
There is no known workaround at this time.
All libgssglue users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libgssglue-0.4"
Release date
September 28, 2012
Latest revision
September 28, 2012: 1
Severity
high
Exploitable
local
Bugzilla entries