PT-2006-5048 · Globus · Globus Toolkit

Published

2006-08-18

Updated

2017-07-20

CVE-2006-4232

CVSS v2.0

1.2

Low

Vector

AV:L/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Globus Toolkit versions 3.2.x through 4.1.0

Description A race condition exists in the grid-proxy-init tool, allowing local users to potentially steal credential data. This occurs when the proxy credentials file is replaced between its creation and the check for exclusive file access.

Recommendations For Globus Toolkit versions 3.2.x through 4.1.0, consider updating to a version released after 20060815 to resolve the issue. As a temporary workaround, restrict access to the grid-proxy-init tool to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4232

Affected Products

Globus Toolkit

PT-2006-5048 · Globus · Globus Toolkit

CVE-2006-4232

Related Identifiers

Affected Products

References · 6