CVE-2011-2731

| Field | Value |
|---|---|
| Name | CVE-2011-2731 |
| Description | Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 670901 |

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libspring-security-2.0-java (PTS) | jessie, jessie (lts) | 2.0.7.RELEASE-3+deb8u2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libspring-security-2.0-java | source | (unstable) | 2.0.7.RELEASE-1 | | | 670901 |

Notes

[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
