Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-3292

Опубликовано: 07 июн. 2012
Источник: nvd
CVSS2: 7.6
EPSS Низкий

Описание

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:globus:globus_toolkit:*:*:*:*:*:*:*:*
Версия до 5.2.1 (включая)
cpe:2.3:a:globus:globus_toolkit:2.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:2.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%
0.0252
Низкий

7.6 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2012-3292

ubuntu
больше 13 лет назад

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

debian логотип

CVE-2012-3292

debian
больше 13 лет назад

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf ...

github логотип

GHSA-5qc5-pr45-rv6r

github
больше 3 лет назад

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

EPSS

Процентиль: 85%
0.0252
Низкий

7.6 High

CVSS2

Дефекты

CWE-264