Computer Security
[EN] no-pyccku

Globus GridFTP privilege escalation
SecurityVulns ID:12510
Threat Level:
Description:Insufficient validation on name lookup.
Affected:globus : Globus Toolkit 5.2
CVE:CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2523-1] globus-gridftp-server security update (13.08.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod