Lucene search
MitreCVE-2006-4233HistoryAug 18, 2006 - 8:04 p.m.
CVE-2006-4233
2006-08-1820:04:00
mitre
web.nvd.nist.gov
23
globus toolkit
cve-2006-4233
vulnerability
symlink attack
sensitive information
temporary files
/tmp directory
local users
CVSS2
3.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
AI Score
5.9
Confidence
Low
EPSS
0
Percentile
5.1%
Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.
Affected configurations
Node
globusglobus_toolkitMatch3.2.0
ORglobusglobus_toolkitMatch4.0.0
ORglobusglobus_toolkitMatch4.1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| globus | globus_toolkit | 3.2.0 | cpe:2.3:a:globus:globus_toolkit:3.2.0:*:*:*:*:*:*:* |
| globus | globus_toolkit | 4.0.0 | cpe:2.3:a:globus:globus_toolkit:4.0.0:*:*:*:*:*:*:* |
| globus | globus_toolkit | 4.1.0 | cpe:2.3:a:globus:globus_toolkit:4.1.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2006-4233
2006-08-18 19:55:00
nvd
nvd
CVE-2006-4233
2006-08-18 20:04:00
freebsd
freebsd
globus -- Multiple tmpfile races
2006-08-08 00:00:00
openvas
openvas
FreeBSD Ports: globus
2008-09-04 00:00:00
FreeBSD Ports: globus
2008-09-04 00:00:00
nessus
nessus
CVSS2
3.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
AI Score
5.9
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2006-4233