CVE-2006-4233 | Vulnerability Database | Aqua Security

Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.

Affected Software

Name	Vendor	Start Version	End Version
Globus_toolkit	Globus	3.2.0 (including)	3.2.0 (including)
Globus_toolkit	Globus	4.0.0 (including)	4.0.0 (including)
Globus_toolkit	Globus	4.1.0 (including)	4.1.0 (including)

References

http://secunia.com/advisories/21516
http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html
http://www.securityfocus.com/bid/19549
http://www.vupen.com/english/advisories/2006/3290
https://exchange.xforce.ibmcloud.com/vulnerabilities/28410
http://secunia.com/advisories/21516
http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html
http://www.securityfocus.com/bid/19549
http://www.vupen.com/english/advisories/2006/3290
https://exchange.xforce.ibmcloud.com/vulnerabilities/28410

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4233
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html