The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-06-07T20:00:00

Updated: 2024-08-06T19:57:50.522Z

Reserved: 2012-06-07T00:00:00

Link: CVE-2012-3292

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-06-07T20:55:02.353

Modified: 2024-11-21T01:40:35.740

Link: CVE-2012-3292

cve-icon Redhat

No data.