CVE-2012-3292

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:globus:globus_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:2.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:2.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:40

Type Values Removed Values Added
References () http://jira.globus.org/browse/GT-195 - () http://jira.globus.org/browse/GT-195 -
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html -
References () http://www.debian.org/security/2012/dsa-2523 - () http://www.debian.org/security/2012/dsa-2523 -

Information

Published : 2012-06-07 20:55

Updated : 2024-11-21 01:40


NVD link : CVE-2012-3292

Mitre link : CVE-2012-3292

CVE.ORG link : CVE-2012-3292


JSON object : View

Products Affected

globus

  • globus_toolkit
CWE
CWE-264

Permissions, Privileges, and Access Controls