Vulnerability Details: CVE-2012-3292
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
Exploit prediction scoring system (EPSS) score for CVE-2012-3292
Probability of exploitation activity in the next 30 days: 0.77%
Percentile, the proportion of vulnerabilities that are scored at or less: ~79%
CVSS scores for CVE-2012-3292
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C | 4.9 | 10.0 | NIST |
CWE ids for CVE-2012-3292
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3292
- http://jira.globus.org/browse/GT-195
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html
  [SECURITY] Fedora 17 Update: globus-gridftp-server-control-2.5-2.fc17
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html
  [SECURITY] Fedora 16 Update: globus-gridftp-server-control-2.5-2.fc16
- http://www.debian.org/security/2012/dsa-2523
  Debian -- Security Information -- DSA-2523-1 globus-gridftp-server
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html
  [SECURITY] Fedora 15 Update: globus-gridftp-server-control-2.5-2.fc15
Products affected by CVE-2012-3292
- cpe:2.3:a:globus:globus_toolkit:*:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:2.4.3:*:*:*:*:*:*:*