The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

It was discovered that the GridFTP component from the Globus Toolkit, a toolkit used for building Grid systems and applications, performed insufficient validation of a name lookup, which could lead to privilege escalation.

According to its self-reported version number, the remote FTP server is running a version of GridFTP Server earlier than 3.42 / 6.11. Such versions reportedly are affected by an authentication bypass vulnerability caused by incorrect use of 'getpwnam_r()'. When a 'gridmap' file is improperly configured with a valid user DN mapped to a nonexistent user account, the GridFTP server may grant access to the client under another account.

Fix for http://jira.globus.org/browse/GT-195

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
61439	Debian DSA-2523-1 : globus-gridftp-server - programming error	Nessus	Debian Local Security Checks	high
59734	Globus Toolkit GridFTP Server < 3.42 / 6.11 'getpwnam_r()' Authentication Bypass Vulnerability	Nessus	FTP	high
59351	Fedora 15 : globus-gridftp-server-6.10-2.fc15 / globus-gridftp-server-control-2.5-2.fc15 (2012-8488)	Nessus	Fedora Local Security Checks	high
59348	Fedora 16 : globus-gridftp-server-6.10-2.fc16 / globus-gridftp-server-control-2.5-2.fc16 (2012-8461)	Nessus	Fedora Local Security Checks	high
59347	Fedora 17 : globus-gridftp-server-6.10-2.fc17 / globus-gridftp-server-control-2.5-2.fc17 (2012-8445)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2012-3292

critical

Tenable Plugins

high

high

high

high

high