CVE Vulnerabilities

CVE-2012-3292

Published: Jun 07, 2012 | Modified: Sep 07, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.6 HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

Affected Software

Name Vendor Start Version End Version
Globus_toolkit Globus 5.0.0 5.0.0
Globus_toolkit Globus 4.0.4 4.0.4
Globus_toolkit Globus 5.0.2 5.0.2
Globus_toolkit Globus 4.0.8 4.0.8
Globus_toolkit Globus 4.0.5 4.0.5
Globus_toolkit Globus 2.2 2.2
Globus_toolkit Globus 3.0.2 3.0.2
Globus_toolkit Globus 2.4.3 2.4.3
Globus_toolkit Globus 5.0.4 5.0.4
Globus_toolkit Globus 4.0.1 4.0.1
Globus_toolkit Globus 5.0.5 5.0.5
Globus_toolkit Globus 5.0.3 5.0.3
Globus_toolkit Globus 4.0.7 4.0.7
Globus_toolkit Globus 4.0.3 4.0.3
Globus_toolkit Globus 4.2.1 4.2.1
Globus_toolkit Globus 4.2.0 4.2.0
Globus_toolkit Globus * 5.2.1
Globus_toolkit Globus 4.0.2 4.0.2
Globus_toolkit Globus 2.0 2.0
Globus_toolkit Globus 4.0.6 4.0.6
Globus_toolkit Globus 3.2.1 3.2.1
Globus_toolkit Globus 4.0.0 4.0.0
Globus_toolkit Globus 5.2.0 5.2.0
Globus_toolkit Globus 5.0.1 5.0.1

References