CVE-2012-3292

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2012-3292
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

7.6 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html
http://jira.globus.org/browse/GT-195
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html
http://www.debian.org/security/2012/dsa-2523
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:globus:globus_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:2.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:2.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.2.0:*:*:*:*:*:*:*
Information

Published : 2012-06-07 13:55

Updated : 2012-09-06 21:30

NVD link : CVE-2012-3292

Mitre link : CVE-2012-3292

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

globus

  • globus_toolkit