Search criteria
15 vulnerabilities found for globus_toolkit by globus
FKIE_CVE-2012-3292
Vulnerability from fkie_nvd - Published: 2012-06-07 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| globus | globus_toolkit | * | |
| globus | globus_toolkit | 2.0 | |
| globus | globus_toolkit | 2.2 | |
| globus | globus_toolkit | 2.4.3 | |
| globus | globus_toolkit | 3.0.2 | |
| globus | globus_toolkit | 3.2.1 | |
| globus | globus_toolkit | 4.0.0 | |
| globus | globus_toolkit | 4.0.1 | |
| globus | globus_toolkit | 4.0.2 | |
| globus | globus_toolkit | 4.0.3 | |
| globus | globus_toolkit | 4.0.4 | |
| globus | globus_toolkit | 4.0.5 | |
| globus | globus_toolkit | 4.0.6 | |
| globus | globus_toolkit | 4.0.7 | |
| globus | globus_toolkit | 4.0.8 | |
| globus | globus_toolkit | 4.2.0 | |
| globus | globus_toolkit | 4.2.1 | |
| globus | globus_toolkit | 5.0.0 | |
| globus | globus_toolkit | 5.0.1 | |
| globus | globus_toolkit | 5.0.2 | |
| globus | globus_toolkit | 5.0.3 | |
| globus | globus_toolkit | 5.0.4 | |
| globus | globus_toolkit | 5.0.5 | |
| globus | globus_toolkit | 5.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B61A69A-392E-4C66-A920-9E4ACF014E3A",
"versionEndIncluding": "5.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C07506-FE73-4DDE-833B-ABE512FD3CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59674F69-7F3F-470C-B94A-F6489A02CE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "39395831-27F6-4C82-8A1B-B5741CA1CC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7EDA4D-B70F-4F36-AF4C-64A10D6AC220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8B35E8-8FA7-4F05-BF87-35BF9D65AB6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E69418-82DA-49DD-BB34-8CD79C3BF80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BBBA8DA-2E26-472F-A3D6-ED7A4D60771B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F4376988-287C-4E82-B559-F7437C308BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B130CFC3-3666-4D88-BECA-8E8A5A4BD0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D81580E-40B7-43A2-B19E-C6CE3A8421EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "862CA57E-DB5F-441D-A926-2F1C8DFD6784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E998E788-6F1A-4303-A68A-3723AB558E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7931AA1F-6AAC-4562-8EF6-C562AA523176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "965C49A0-2D1D-4A06-BF0D-B8111DB00599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA91B146-766D-4B76-8AD0-545C7AF861E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC7F324-057B-41F9-9EA2-DCDC8122AFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A290F1E-261D-4B41-9D33-A93091BE6E88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55414096-387E-48E7-BB53-80C0ED73708B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59625B10-2AB6-4E37-987B-B420C25C49E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "717BE0FD-28BD-4B24-9597-B6965956A67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B36E23-B862-46F6-BCC6-D2C0C348DC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9618E726-87D9-49D4-9BB0-E2555D9C2B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E74D337-95AB-4079-B2D0-D48A8F5A0AD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file."
},
{
"lang": "es",
"value": "GridFTP en Globus Toolkit (GT) antes de v5.2.2, cuando ciertas macros de autoconf se definen, no comprueba correctamente el valor devuelto por la funci\u00f3n getpwnam_r, lo que podr\u00eda permitir a atacantes remotos obtener privilegios iniciando sesi\u00f3n con un usuario que no existe , lo que provoca que GridFTP se ejecute como \u00faltimo usuario del archivo de contrase\u00f1as."
}
],
"id": "CVE-2012-3292",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-07T20:55:02.353",
"references": [
{
"source": "cve@mitre.org",
"url": "http://jira.globus.org/browse/GT-195"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jira.globus.org/browse/GT-195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2523"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-0738
Vulnerability from fkie_nvd - Published: 2011-02-02 01:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ncsa | myproxy | 5.0 | |
| ncsa | myproxy | 5.1 | |
| ncsa | myproxy | 5.2 | |
| globus | globus_toolkit | 5.0.0 | |
| globus | globus_toolkit | 5.0.1 | |
| globus | globus_toolkit | 5.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ncsa:myproxy:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7FADB96A-A9AF-48D7-99AB-FE73A4BD54DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncsa:myproxy:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD094F8F-A907-4920-9488-1CDA2F099071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncsa:myproxy:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7300CC47-9A4E-45FB-A586-2219E68FC8E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A290F1E-261D-4B41-9D33-A93091BE6E88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55414096-387E-48E7-BB53-80C0ED73708B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59625B10-2AB6-4E37-987B-B420C25C49E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation."
},
{
"lang": "es",
"value": "MyProxy v5.0 hasta v5.2, tal como se utiliza en Globus Toolkit v5.0.0 hasta v5.0.2, no comprueba correctamente (1) el nombre de host o (2) la identidad en el certificado X.509 para el myproxy-servidor, lo que permite a atacantes remotos suplantar el servidor y llevar a cabo ataques man-in-the-middle (MITM) a trav\u00e9s de certificados manipulados cuando se ejecuta (a) myproxy-logon o (b) myproxy-get-delegation."
}
],
"id": "CVE-2011-0738",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-02-02T01:00:06.987",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/70494"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42972"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43103"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/45916"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0227"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2784
Vulnerability from fkie_nvd - Published: 2007-05-21 23:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| globus | globus_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2943697D-607D-45D9-9A42-BCA92F705C1C",
"versionEndIncluding": "4.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en globus-job-manager en Globus Toolkit 4.1.1 y anteriores (globus_nexus-6.6 y anteriores) permite a atacantes remotos provocar denegaci\u00f3n de servicio (consumo de recursos y caida de sistema) a trav\u00e9s de ciertas respuestas en los puertos TCP temporales para una tarea GARM2 o sus aplicaciones MPICH-G2."
}
],
"id": "CVE-2007-2784",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-21T23:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugzilla.globus.org/globus/show_bug.cgi?id=5297"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36094"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25323"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.globus.org/toolkit/advisories.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24051"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.globus.org/globus/show_bug.cgi?id=5297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.globus.org/toolkit/advisories.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34374"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4233
Vulnerability from fkie_nvd - Published: 2006-08-18 20:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| globus | globus_toolkit | 3.2.0 | |
| globus | globus_toolkit | 4.0.0 | |
| globus | globus_toolkit | 4.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F72CDC1D-4CF8-4E8A-8A7F-1C41A21DAD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E69418-82DA-49DD-BB34-8CD79C3BF80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF249FE-99B9-45CC-B666-B59F2589DFC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config."
},
{
"lang": "es",
"value": "Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 anterior al 15/08/2006 permite a usuarios locales obtener informaci\u00f3n sensible (certificados del proxy) y sobrescribir archivos de su elecci\u00f3n mediante un ataque de enlace simb\u00f3lico en archivos temporales en el directorio /tmp, como ha sido demostrado con archivos creados por (1) myproxy-admin-adduser, (2) grid-ca-sign, y (3) grid-security-config."
}
],
"id": "CVE-2006-4233",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-18T20:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://secunia.com/advisories/21516"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19549"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://secunia.com/advisories/21516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28410"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4232
Vulnerability from fkie_nvd - Published: 2006-08-18 20:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| globus | globus_toolkit | 3.2.0 | |
| globus | globus_toolkit | 4.0.0 | |
| globus | globus_toolkit | 4.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F72CDC1D-4CF8-4E8A-8A7F-1C41A21DAD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E69418-82DA-49DD-BB34-8CD79C3BF80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:globus:globus_toolkit:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF249FE-99B9-45CC-B666-B59F2589DFC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en la herramienta grid-proxy-init en Globus Toolkit 3.2.x, 4.0.2, y 4.1.0 anterior al 15/08/2006 permite a usuarios locales robar informaci\u00f3n de credenciales reemplazando el archivo de credenciales del proxy entre la creaci\u00f3n del archivo y la comprobaci\u00f3n de acceso exclusivo al archivo."
}
],
"id": "CVE-2006-4232",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-18T20:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21516"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19549"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-3292 (GCVE-0-2012-3292)
Vulnerability from cvelistv5 – Published: 2012-06-07 20:00 – Updated: 2024-08-06 19:57
VLAI?
Summary
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2012-8488",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html"
},
{
"name": "DSA-2523",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2523"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.globus.org/browse/GT-195"
},
{
"name": "FEDORA-2012-8445",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html"
},
{
"name": "FEDORA-2012-8461",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2012-8488",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html"
},
{
"name": "DSA-2523",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2523"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.globus.org/browse/GT-195"
},
{
"name": "FEDORA-2012-8445",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html"
},
{
"name": "FEDORA-2012-8461",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2012-8488",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html"
},
{
"name": "DSA-2523",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2523"
},
{
"name": "http://jira.globus.org/browse/GT-195",
"refsource": "CONFIRM",
"url": "http://jira.globus.org/browse/GT-195"
},
{
"name": "FEDORA-2012-8445",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html"
},
{
"name": "FEDORA-2012-8461",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3292",
"datePublished": "2012-06-07T20:00:00",
"dateReserved": "2012-06-07T00:00:00",
"dateUpdated": "2024-08-06T19:57:50.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0738 (GCVE-0-2011-0738)
Vulnerability from cvelistv5 – Published: 2011-02-02 00:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:52.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-0514",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"
},
{
"name": "ADV-2011-0227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0227"
},
{
"name": "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"
},
{
"name": "43103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43103"
},
{
"name": "myproxy-ssl-spoofing(64830)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"
},
{
"name": "FEDORA-2011-0512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"
},
{
"name": "45916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45916"
},
{
"name": "70494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70494"
},
{
"name": "42972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2011-0514",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"
},
{
"name": "ADV-2011-0227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0227"
},
{
"name": "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"
},
{
"name": "43103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43103"
},
{
"name": "myproxy-ssl-spoofing(64830)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"
},
{
"name": "FEDORA-2011-0512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"
},
{
"name": "45916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45916"
},
{
"name": "70494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70494"
},
{
"name": "42972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42972"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2011-0514",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"
},
{
"name": "ADV-2011-0227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0227"
},
{
"name": "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server",
"refsource": "MLIST",
"url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"
},
{
"name": "43103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43103"
},
{
"name": "myproxy-ssl-spoofing(64830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"
},
{
"name": "FEDORA-2011-0512",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"
},
{
"name": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt",
"refsource": "MISC",
"url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"
},
{
"name": "45916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45916"
},
{
"name": "70494",
"refsource": "OSVDB",
"url": "http://osvdb.org/70494"
},
{
"name": "42972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42972"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0738",
"datePublished": "2011-02-02T00:00:00",
"dateReserved": "2011-02-01T00:00:00",
"dateUpdated": "2024-08-06T22:05:52.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2784 (GCVE-0-2007-2784)
Vulnerability from cvelistv5 – Published: 2007-05-21 23:00 – Updated: 2024-08-07 13:49
VLAI?
Summary
Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25323"
},
{
"name": "36094",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.globus.org/toolkit/advisories.html"
},
{
"name": "globus-globusjobmanager-dos(34374)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34374"
},
{
"name": "[glbs-security-announce] 20070517 Globus Security Advisory 2007-03: Nexus vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.globus.org/globus/show_bug.cgi?id=5297"
},
{
"name": "24051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25323"
},
{
"name": "36094",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.globus.org/toolkit/advisories.html"
},
{
"name": "globus-globusjobmanager-dos(34374)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34374"
},
{
"name": "[glbs-security-announce] 20070517 Globus Security Advisory 2007-03: Nexus vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.globus.org/globus/show_bug.cgi?id=5297"
},
{
"name": "24051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25323"
},
{
"name": "36094",
"refsource": "OSVDB",
"url": "http://osvdb.org/36094"
},
{
"name": "http://www.globus.org/toolkit/advisories.html",
"refsource": "CONFIRM",
"url": "http://www.globus.org/toolkit/advisories.html"
},
{
"name": "globus-globusjobmanager-dos(34374)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34374"
},
{
"name": "[glbs-security-announce] 20070517 Globus Security Advisory 2007-03: Nexus vulnerability",
"refsource": "MLIST",
"url": "http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html"
},
{
"name": "http://bugzilla.globus.org/globus/show_bug.cgi?id=5297",
"refsource": "CONFIRM",
"url": "http://bugzilla.globus.org/globus/show_bug.cgi?id=5297"
},
{
"name": "24051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2784",
"datePublished": "2007-05-21T23:00:00",
"dateReserved": "2007-05-21T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4233 (GCVE-0-2006-4233)
Vulnerability from cvelistv5 – Published: 2006-08-18 19:55 – Updated: 2024-08-07 18:57
VLAI?
Summary
Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[security-announce] 20060815 Temporary File Handling Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html"
},
{
"name": "ADV-2006-3290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "21516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19549"
},
{
"name": "globus-tmp-symlink(28410)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[security-announce] 20060815 Temporary File Handling Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html"
},
{
"name": "ADV-2006-3290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "21516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19549"
},
{
"name": "globus-tmp-symlink(28410)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20060815 Temporary File Handling Vulnerability",
"refsource": "MLIST",
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html"
},
{
"name": "ADV-2006-3290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "21516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19549"
},
{
"name": "globus-tmp-symlink(28410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4233",
"datePublished": "2006-08-18T19:55:00",
"dateReserved": "2006-08-18T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4232 (GCVE-0-2006-4232)
Vulnerability from cvelistv5 – Published: 2006-08-18 19:55 – Updated: 2024-08-07 18:57
VLAI?
Summary
Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "globus-grid-proxy-race-condition(28408)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408"
},
{
"name": "[security-announce] 20060815 Proxy Generation Tool Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"
},
{
"name": "21516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "globus-grid-proxy-race-condition(28408)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408"
},
{
"name": "[security-announce] 20060815 Proxy Generation Tool Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"
},
{
"name": "21516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "globus-grid-proxy-race-condition(28408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408"
},
{
"name": "[security-announce] 20060815 Proxy Generation Tool Vulnerability",
"refsource": "MLIST",
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"
},
{
"name": "21516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4232",
"datePublished": "2006-08-18T19:55:00",
"dateReserved": "2006-08-18T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3292 (GCVE-0-2012-3292)
Vulnerability from nvd – Published: 2012-06-07 20:00 – Updated: 2024-08-06 19:57
VLAI?
Summary
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2012-8488",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html"
},
{
"name": "DSA-2523",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2523"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.globus.org/browse/GT-195"
},
{
"name": "FEDORA-2012-8445",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html"
},
{
"name": "FEDORA-2012-8461",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2012-8488",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html"
},
{
"name": "DSA-2523",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2523"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.globus.org/browse/GT-195"
},
{
"name": "FEDORA-2012-8445",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html"
},
{
"name": "FEDORA-2012-8461",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2012-8488",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html"
},
{
"name": "DSA-2523",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2523"
},
{
"name": "http://jira.globus.org/browse/GT-195",
"refsource": "CONFIRM",
"url": "http://jira.globus.org/browse/GT-195"
},
{
"name": "FEDORA-2012-8445",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html"
},
{
"name": "FEDORA-2012-8461",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3292",
"datePublished": "2012-06-07T20:00:00",
"dateReserved": "2012-06-07T00:00:00",
"dateUpdated": "2024-08-06T19:57:50.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0738 (GCVE-0-2011-0738)
Vulnerability from nvd – Published: 2011-02-02 00:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:52.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-0514",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"
},
{
"name": "ADV-2011-0227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0227"
},
{
"name": "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"
},
{
"name": "43103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43103"
},
{
"name": "myproxy-ssl-spoofing(64830)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"
},
{
"name": "FEDORA-2011-0512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"
},
{
"name": "45916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45916"
},
{
"name": "70494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70494"
},
{
"name": "42972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2011-0514",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"
},
{
"name": "ADV-2011-0227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0227"
},
{
"name": "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"
},
{
"name": "43103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43103"
},
{
"name": "myproxy-ssl-spoofing(64830)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"
},
{
"name": "FEDORA-2011-0512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"
},
{
"name": "45916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45916"
},
{
"name": "70494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70494"
},
{
"name": "42972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42972"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2011-0514",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"
},
{
"name": "ADV-2011-0227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0227"
},
{
"name": "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server",
"refsource": "MLIST",
"url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"
},
{
"name": "43103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43103"
},
{
"name": "myproxy-ssl-spoofing(64830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"
},
{
"name": "FEDORA-2011-0512",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"
},
{
"name": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt",
"refsource": "MISC",
"url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"
},
{
"name": "45916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45916"
},
{
"name": "70494",
"refsource": "OSVDB",
"url": "http://osvdb.org/70494"
},
{
"name": "42972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42972"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0738",
"datePublished": "2011-02-02T00:00:00",
"dateReserved": "2011-02-01T00:00:00",
"dateUpdated": "2024-08-06T22:05:52.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2784 (GCVE-0-2007-2784)
Vulnerability from nvd – Published: 2007-05-21 23:00 – Updated: 2024-08-07 13:49
VLAI?
Summary
Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25323"
},
{
"name": "36094",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.globus.org/toolkit/advisories.html"
},
{
"name": "globus-globusjobmanager-dos(34374)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34374"
},
{
"name": "[glbs-security-announce] 20070517 Globus Security Advisory 2007-03: Nexus vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.globus.org/globus/show_bug.cgi?id=5297"
},
{
"name": "24051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25323"
},
{
"name": "36094",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.globus.org/toolkit/advisories.html"
},
{
"name": "globus-globusjobmanager-dos(34374)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34374"
},
{
"name": "[glbs-security-announce] 20070517 Globus Security Advisory 2007-03: Nexus vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.globus.org/globus/show_bug.cgi?id=5297"
},
{
"name": "24051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25323"
},
{
"name": "36094",
"refsource": "OSVDB",
"url": "http://osvdb.org/36094"
},
{
"name": "http://www.globus.org/toolkit/advisories.html",
"refsource": "CONFIRM",
"url": "http://www.globus.org/toolkit/advisories.html"
},
{
"name": "globus-globusjobmanager-dos(34374)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34374"
},
{
"name": "[glbs-security-announce] 20070517 Globus Security Advisory 2007-03: Nexus vulnerability",
"refsource": "MLIST",
"url": "http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html"
},
{
"name": "http://bugzilla.globus.org/globus/show_bug.cgi?id=5297",
"refsource": "CONFIRM",
"url": "http://bugzilla.globus.org/globus/show_bug.cgi?id=5297"
},
{
"name": "24051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2784",
"datePublished": "2007-05-21T23:00:00",
"dateReserved": "2007-05-21T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4233 (GCVE-0-2006-4233)
Vulnerability from nvd – Published: 2006-08-18 19:55 – Updated: 2024-08-07 18:57
VLAI?
Summary
Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[security-announce] 20060815 Temporary File Handling Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html"
},
{
"name": "ADV-2006-3290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "21516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19549"
},
{
"name": "globus-tmp-symlink(28410)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[security-announce] 20060815 Temporary File Handling Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html"
},
{
"name": "ADV-2006-3290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "21516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19549"
},
{
"name": "globus-tmp-symlink(28410)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20060815 Temporary File Handling Vulnerability",
"refsource": "MLIST",
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html"
},
{
"name": "ADV-2006-3290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "21516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19549"
},
{
"name": "globus-tmp-symlink(28410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4233",
"datePublished": "2006-08-18T19:55:00",
"dateReserved": "2006-08-18T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4232 (GCVE-0-2006-4232)
Vulnerability from nvd – Published: 2006-08-18 19:55 – Updated: 2024-08-07 18:57
VLAI?
Summary
Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "globus-grid-proxy-race-condition(28408)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408"
},
{
"name": "[security-announce] 20060815 Proxy Generation Tool Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"
},
{
"name": "21516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "globus-grid-proxy-race-condition(28408)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408"
},
{
"name": "[security-announce] 20060815 Proxy Generation Tool Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"
},
{
"name": "21516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3290"
},
{
"name": "globus-grid-proxy-race-condition(28408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28408"
},
{
"name": "[security-announce] 20060815 Proxy Generation Tool Vulnerability",
"refsource": "MLIST",
"url": "http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"
},
{
"name": "21516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21516"
},
{
"name": "19549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4232",
"datePublished": "2006-08-18T19:55:00",
"dateReserved": "2006-08-18T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}