CVE-2006-4232 | Vulnerability Database | Aqua Security

Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access.

Affected Software

Name	Vendor	Start Version	End Version
Globus_toolkit	Globus	3.2.0 (including)	3.2.0 (including)
Globus_toolkit	Globus	4.0.0 (including)	4.0.0 (including)
Globus_toolkit	Globus	4.1.0 (including)	4.1.0 (including)

References

http://secunia.com/advisories/21516
http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html
http://www.securityfocus.com/bid/19549
http://www.vupen.com/english/advisories/2006/3290
https://exchange.xforce.ibmcloud.com/vulnerabilities/28408
http://secunia.com/advisories/21516
http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html
http://www.securityfocus.com/bid/19549
http://www.vupen.com/english/advisories/2006/3290
https://exchange.xforce.ibmcloud.com/vulnerabilities/28408

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4232
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html