Computer Security
[EN] securityvulns.ru no-pyccku


Globus GridFTP privilege escalation
Published:13.08.2012
Source:
SecurityVulns ID:12510
Type:library
Threat Level:
5/10
Description:Insufficient validation on name lookup.
Affected:globus : Globus Toolkit 5.2
CVE:CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2523-1] globus-gridftp-server security update (13.08.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod