VIR Vulnerability Intelligence Relay

CVE-2012-3292

high
Published 2012-06-07 · Modified 2026-04-29
CVSS v3
CVSS v2
7.6
VIR risk
7.6

Description

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-3292

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed6.5-1
debian debianbullseyefixed6.5-1
debian debianforkyfixed6.5-1
debian debiansidfixed6.5-1
debian debiantrixiefixed6.5-1

Application impact
VendorProductVersionsFixed
globusglobus_toolkit{"endIncluding":"5.2.1"}
globusglobus_toolkit2.0
globusglobus_toolkit2.2
globusglobus_toolkit2.4.3
globusglobus_toolkit3.0.2
globusglobus_toolkit3.2.1
globusglobus_toolkit4.0.0
globusglobus_toolkit4.0.1
globusglobus_toolkit4.0.2
globusglobus_toolkit4.0.3
globusglobus_toolkit4.0.4
globusglobus_toolkit4.0.5
globusglobus_toolkit4.0.6
globusglobus_toolkit4.0.7
globusglobus_toolkit4.0.8
globusglobus_toolkit4.2.0
globusglobus_toolkit4.2.1
globusglobus_toolkit5.0.0
globusglobus_toolkit5.0.1
globusglobus_toolkit5.0.2
globusglobus_toolkit5.0.3
globusglobus_toolkit5.0.4
globusglobus_toolkit5.0.5
globusglobus_toolkit5.2.0

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.