CVE-2006-4232

high

Description

Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28408

http://www.vupen.com/english/advisories/2006/3290

http://www.securityfocus.com/bid/19549

http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html

http://secunia.com/advisories/21516

Details

Source: Mitre, NVD

Published: 2006-08-18

Updated: 2017-07-20

Risk Information

CVSS v2

Base Score: 1.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High