Launchpad.net

CVE 2012-3292

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

Related bugs and status

CVE-2012-3292 (Candidate) is related to these bugs:

Bug #1027323: CVE-2012-3292

		In	Importance	Status
1027323	CVE-2012-3292	globus-gridftp-server-control (Ubuntu)	Undecided	Fix Released
1027323	CVE-2012-3292	globus-gridftp-server-control (Ubuntu Lucid)	Undecided	Fix Released
1027323	CVE-2012-3292	globus-gridftp-server-control (Ubuntu Natty)	Undecided	Fix Released
1027323	CVE-2012-3292	globus-gridftp-server-control (Ubuntu Oneiric)	Undecided	Fix Released
1027323	CVE-2012-3292	globus-gridftp-server-control (Ubuntu Precise)	Undecided	Fix Released

Bug #1027324: CVE-2012-3292

		In	Importance	Status
1027324	CVE-2012-3292	globus-gridftp-server (Ubuntu)	Undecided	Fix Released
1027324	CVE-2012-3292	globus-gridftp-server (Ubuntu Lucid)	Undecided	Fix Released
1027324	CVE-2012-3292	globus-gridftp-server (Ubuntu Natty)	Undecided	Fix Released
1027324	CVE-2012-3292	globus-gridftp-server (Ubuntu Precise)	Undecided	Fix Released
1027324	CVE-2012-3292	globus-gridftp-server (Ubuntu Oneiric)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3292

Related bugs and status

Related bugs

References