Globus Toolkit GridFTP Server < 3.42 / 6.11 'getpwnam_r()' Authentication Bypass Vulnerability
High Nessus Plugin ID 59734
Synopsis
The remote FTP service is vulnerable to an authentication bypass attack.

Description
According to its self-reported version number, the remote FTP server is running a version of GridFTP Server earlier than 3.42 / 6.11. Such versions reportedly are affected by an authentication bypass vulnerability caused by incorrect use of 'getpwnam_r()'. When a 'gridmap' file is improperly configured with a valid user DN mapped to a nonexistent user account, the GridFTP server may grant access to the client under another account.

Solution
Upgrade to version 3.42 / 6.11 or later.
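
Because the issue depends on a 'gridmap' entry that maps a DN to a nonexistent account, an administrator can also audit the file for such entries. The script below is an added example, not part of the plugin or of Globus Toolkit; it assumes each mapping line has the form "DN" user[,user...], and the function names and sample data are constructed for illustration.

```python
import pwd
import shlex

def local_user_exists(name):
    """True if the local account database has an entry for this name."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False

def audit_gridmap(text, user_exists=local_user_exists):
    """Return (line number, DN, problem) for every mapping that cannot
    resolve to a local account. Assumed line format: "DN" user[,user...]"""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)
        except ValueError:          # e.g. unbalanced quote around the DN
            findings.append((lineno, line, "malformed entry"))
            continue
        if len(fields) != 2:
            findings.append((lineno, fields[0], "malformed entry"))
            continue
        dn, users = fields
        for user in users.split(","):
            if not user or not user_exists(user):
                findings.append((lineno, dn, "no local account: %r" % user))
    return findings

# Constructed sample, not taken from any real site.
SAMPLE = '''\
# DN -> local account
"/O=Grid/OU=Example/CN=Alice Smith" alice
"/O=Grid/OU=Example/CN=Bob Jones" bob,bobdev
"/O=Grid/OU=Example/CN=Carol White" carol_old
"/O=Grid/OU=Example/CN=Broken Entry
"/O=Grid/OU=Example/CN=No Account"
'''

if __name__ == "__main__":
    known = {"alice", "bob"}        # stand-in for the passwd database
    for finding in audit_gridmap(SAMPLE, user_exists=known.__contains__):
        print("line %d: %s: %s" % finding)
```

On a real server, call audit_gridmap() with the contents of the site's gridmap file and the default lookup, which queries the local account database through the pwd module.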