Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 07/06/2012 Updated: 07/09/2012

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

VMScore: 676

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

The GridFTP in Globus Toolkit (GT) prior to 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote malicious users to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
globus globus toolkit
globus globus toolkit 5.0.0
globus globus toolkit 4.2.1
globus globus toolkit 4.0.3
globus globus toolkit 4.0.2
globus globus toolkit 4.0.1
globus globus toolkit 5.0.2
globus globus toolkit 5.0.1
globus globus toolkit 4.0.5
globus globus toolkit 4.0.4
globus globus toolkit 2.2
globus globus toolkit 2.0
globus globus toolkit 5.2.0
globus globus toolkit 5.0.5
globus globus toolkit 4.2.0
globus globus toolkit 4.0.8
globus globus toolkit 4.0.0
globus globus toolkit 3.2.1
globus globus toolkit 5.0.4
globus globus toolkit 5.0.3
globus globus toolkit 4.0.7
globus globus toolkit 4.0.6
globus globus toolkit 3.0.2
globus globus toolkit 2.4.3

CWE-264 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html http://jira.globus.org/browse/GT-195 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html http://www.debian.org/security/2012/dsa-2523 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-3292

Vulnerability Summary

References

Vulmon Search

About

Products

Connect