CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%
Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.
Vendor | Product | Version | CPE |
---|---|---|---|
globus | globus_toolkit | 3.2.0 | cpe:2.3:a:globus:globus_toolkit:3.2.0:*:*:*:*:*:*:* |
globus | globus_toolkit | 4.0.0 | cpe:2.3:a:globus:globus_toolkit:4.0.0:*:*:*:*:*:*:* |
globus | globus_toolkit | 4.1.0 | cpe:2.3:a:globus:globus_toolkit:4.1.0:*:*:*:*:*:*:* |