PT-2011-2599 · Globus · Myproxy

Published 2011-02-02 · Updated 2017-08-17 · CVE-2011-0738

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

MyProxy versions 5.0 through 5.2
Globus Toolkit versions 5.0.0 through 5.0.2

Description

The issue allows remote attackers to conduct man-in-the-middle (MITM) attacks by spoofing the server, due to improper verification of the hostname or identity in the X.509 certificate for the myproxy-server. This can occur when executing commands such as myproxy-logon or myproxy-get-delegation with a crafted certificate.

Recommendations

For MyProxy versions 5.0 through 5.2, update the software to properly verify the hostname and identity in the X.509 certificate. For Globus Toolkit versions 5.0.0 through 5.0.2, ensure that the underlying MyProxy component is updated to address the issue.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2011-0738

Affected Products

Globus Toolkit
Myproxy