Canonical Fixes Libgssglue Vulnerability in Multiple OSes

Users only have to upgrade in order to solve the problem

October 16th, 2012 16:03 GMT

In a security notice, Canonical has published details about a libgssglue vulnerability affecting its Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, and Ubuntu 10.04 LTS operating systems.

According to Canonical, the GSSAPI_MECH_CONF environment variable could have been used with setuid programs to escalate privileges.

It was discovered that libgssapi and libgssglue before 0.4 did not properly check privileges: they incorrectly handled the GSSAPI_MECH_CONF environment variable when running a privileged binary. A local attacker could have exploited this vulnerability to gain root privileges.
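The missing privilege check can be illustrated in C, with the unchecked lookup beside a hardened one. This is an added example, not code from libgssglue or from Canonical's update; the function names and the default path are hypothetical placeholders.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder default path (assumption), not taken from the libgssglue sources. */
#define DEFAULT_MECH_CONF "/etc/example_mech.conf"
#define MECH_CONF_ENV     "GSSAPI_MECH_CONF"

/* Unchecked pattern: the caller's environment always wins, even when the
 * process runs with more privilege than the user who started it. */
const char *conf_path_unchecked(const char *env_value)
{
    return (env_value && *env_value) ? env_value : DEFAULT_MECH_CONF;
}

/* Hardened pattern: honour the override only when real and effective IDs
 * match, i.e. the process is not running setuid or setgid. */
const char *conf_path_checked(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                              const char *env_value)
{
    if (ruid != euid || rgid != egid)
        return DEFAULT_MECH_CONF;   /* privileged: ignore the environment */
    return conf_path_unchecked(env_value);
}

/* Wrapper that reads the real process credentials and environment. */
const char *mech_conf_path(void)
{
    return conf_path_checked(getuid(), geteuid(), getgid(), getegid(),
                             getenv(MECH_CONF_ENV));
}

int main(void)
{
    printf("mechanism config: %s\n", mech_conf_path());
    return 0;
}
```

Comparing IDs does not cover privilege gained through file capabilities; on glibc 2.17 and later, `secure_getenv()` returns NULL in any secure-execution context and can replace the manual check.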

The security flaws can be fixed by upgrading your system(s) to the latest libgssglue1 version specific to each operating system. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart won't be necessary to implement the changes.
