5 matches found
CVE-2012-3292
CVE-2012-3292 affects the GridFTP component of Globus Toolkit (GT) prior to 5.2.2, where insufficient validation of a name lookup (getpwnam_r) could cause privilege escalation if a login uses a non-existent user, allowing GridFTP to run as the last user in the password file. Public references in ...
CVE-2007-2784
CVE-2007-2784 describes an unspecified vulnerability in the globus-job-manager component of the Globus Toolkit 4.1.1 and earlier (also affecting globus_nexus-6.6 and earlier ). The issue allows remote attackers to cause a denial of service through certain requests to temporary TCP ports used by a...
CVE-2011-0738
CVE-2011-0738 affects MyProxy 5.0–5.2 (used in Globus Toolkit 5.0.0–5.0.2). The vulnerability is a failure to properly verify the myproxy-server certificate’s hostname/identity in X.509, enabling remote attackers to spoof the server and perform MITM via a crafted certificate when running myproxy-...
CVE-2006-4233
Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 are affected by a local‑only race condition in temporary file handling (in /tmp) that can let an attacker obtain proxy certificates and overwrite arbitrary files via a symlink attack. The issue is demonstrated by files created by myproxy-admi...
CVE-2006-4232
CVE-2006-4232 : A race condition in the grid-proxy-init tool of Globus Toolkit (versions 3.2.x, 4.0.x, 4.1.0 before 20060815) allows local attackers to steal credential data by replacing the proxy credentials file between its creation and the check for exclusive access. The vulnerability arises f...