Globus Toolkit GridFTP Server < 3.42 / 6.11 'getpwnam_r()' Authentication Bypass Vulnerability

High Nessus Plugin ID 59734

Synopsis

The remote FTP service is vulnerable to an authentication bypass attack.

Description

According to its self-reported version number, the remote FTP server is running a version of GridFTP Server earlier than 3.42 / 6.11. Such versions reportedly are affected by an authentication bypass vulnerability caused by incorrect use of 'getpwnam_r()'. When a 'gridmap' file is improperly configured with a valid user DN mapped to a nonexistent user account, the GridFTP server may grant access to the client under another account.

Solution

Upgrade to version 3.42 / 6.11 or later.

See Also

https://docs.globus.org/gt-jira-archive/#globus_toolkit_gt_195

https://lists.globus.org/pipermail/security-announce/2012-May/000019.html

Plugin Details

Severity: High

ID: 59734

File Name: gt_gridftp_6_11.nasl

Version: 1.8

Type: remote

Family: FTP

Published: 2012/06/27

Modified: 2018/11/15

Dependencies: 59733

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.8

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:globus:globus_toolkit

Required KB Items: Globus_Toolkit/GridFTP/Installed, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/05/17

Vulnerability Publication Date: 2012/05/17

Reference Information

CVE: CVE-2012-3292

BID: 53778