CVE-2012-3292

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
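
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.6 UNKNOWN | NETWORK | HIGH | | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
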
EPSS Score
Percentile: 84%

| Vendor | Product | Version |
|---|---|---|
| globus | globus_toolkit | 𝑥 ≤ 5.2.1 |
| globus | globus_toolkit | 2.0 |
| globus | globus_toolkit | 2.2 |
| globus | globus_toolkit | 2.4.3 |
| globus | globus_toolkit | 3.0.2 |
| globus | globus_toolkit | 3.2.1 |
| globus | globus_toolkit | 4.0.0 |
| globus | globus_toolkit | 4.0.1 |
| globus | globus_toolkit | 4.0.2 |
| globus | globus_toolkit | 4.0.3 |
| globus | globus_toolkit | 4.0.4 |
| globus | globus_toolkit | 4.0.5 |
| globus | globus_toolkit | 4.0.6 |
| globus | globus_toolkit | 4.0.7 |
| globus | globus_toolkit | 4.0.8 |
| globus | globus_toolkit | 4.2.0 |
| globus | globus_toolkit | 4.2.1 |
| globus | globus_toolkit | 5.0.0 |
| globus | globus_toolkit | 5.0.1 |
| globus | globus_toolkit | 5.0.2 |
| globus | globus_toolkit | 5.0.3 |
| globus | globus_toolkit | 5.0.4 |
| globus | globus_toolkit | 5.0.5 |
| globus | globus_toolkit | 5.2.0 |

𝑥 = Vulnerable software versions
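
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| globus-gridftp-server | bullseye | 13.21-1 | fixed |
| globus-gridftp-server | bookworm | 13.24-3 | fixed |
| globus-gridftp-server | sid | 13.25-5 | fixed |
| globus-gridftp-server | trixie | 13.25-5 | fixed |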
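
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| globus-gridftp-server | precise | Fixed 6.5-1ubuntu0.1 | released |
| globus-gridftp-server | oneiric | Fixed 3.33-2ubuntu0.1 | released |
| globus-gridftp-server | natty | Fixed 3.23-1ubuntu0.1 | released |
| globus-gridftp-server | lucid | Fixed 3.17-2ubuntu0.1 | released |
| globus-gridftp-server | hardy | dne | |
| globus-gridftp-server-control | precise | Fixed 2.3-1ubuntu0.1 | released |
| globus-gridftp-server-control | oneiric | Fixed 0.46-1ubuntu0.1 | released |
| globus-gridftp-server-control | natty | Fixed 0.43-1ubuntu0.1 | released |
| globus-gridftp-server-control | lucid | Fixed 0.36-1ubuntu0.1 | released |
| globus-gridftp-server-control | hardy | dne | |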