The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-06-07T20:00:00
Updated: 2024-08-06T19:57:50.522Z
Reserved: 2012-06-07T00:00:00
Link: CVE-2012-3292
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-06-07T20:55:02.353
Modified: 2024-11-21T01:40:35.740
Link: CVE-2012-3292
Redhat
No data.