Back to search
CVE-2012-3292
Published: Jun 7, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2012-8488
vendor-advisory
x_refsource_FEDORA
DSA-2523
vendor-advisory
x_refsource_DEBIAN
http://jira.globus.org/browse/GT-195
x_refsource_CONFIRM
FEDORA-2012-8445
vendor-advisory
x_refsource_FEDORA
FEDORA-2012-8461
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now