C-Note-07-002: Third-party Applications Using GSS-API May Be Vulnerable to Compromise (01/10/07)

Third-party applications which utilize GSS-API and thus link to the Generic Security Services library libgss(3LIB), may allow an unauthenticated user (local or remote depending on the application) the ability to execute arbitrary code with the privileges of the application. Note: Exploitation of this vulnerability is believed to be difficult. No exploit code is known to exist at this time.

This advisory is posted at: http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1

CIAC would like to thank Sun for this information.