Privilege Escalation via GridFTP in Globus Toolkit

Privilege Escalation via GridFTP in Globus Toolkit

CVE-2012-3292 · HIGH Severity

AV:N/AC:H/AU:N/C:C/I:C/A:C

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

Learn more about our User Device Pen Test.