Globus Toolkit GridFTP Server < 3.42 / 6.11 'getpwnam_r()' Authentication Bypass Vulnerability

high Nessus Plugin ID 59734

Synopsis

The remote FTP service is vulnerable to an authentication bypass attack.

Description

According to its self-reported version number, the remote FTP server is running a version of GridFTP Server earlier than 3.42 / 6.11. Such versions reportedly are affected by an authentication bypass vulnerability caused by incorrect use of 'getpwnam_r()'. When a 'gridmap' file is improperly configured with a valid user DN mapped to a nonexistent user account, the GridFTP server may grant access to the client under another account.

Solution

Upgrade to version 3.42 / 6.11 or later.

See Also

https://docs.globus.org/gt-jira-archive/#globus_toolkit_gt_195

https://lists.globus.org/pipermail/security-announce/2012-May/000019.html

Plugin Details

Severity: High

ID: 59734

File Name: gt_gridftp_6_11.nasl

Version: 1.9

Type: remote

Family: FTP

Published: 6/27/2012

Updated: 12/4/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-3292

Vulnerability Information

CPE: cpe:/a:globus:globus_toolkit

Required KB Items: Settings/ParanoidReport, Globus_Toolkit/GridFTP/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 5/17/2012

Vulnerability Publication Date: 5/17/2012

Reference Information

CVE: CVE-2012-3292

BID: 53778