Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0738

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-0738
Last Modified 12 Feb 2011 01:46:14
Published 01 Feb 2011 08:00:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0738

Summary

MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.

Vulnerable Systems

Application

  • Globus Toolkit 5.0.0

  • Globus Toolkit 5.0.1

  • Globus Toolkit 5.0.2

  • Ncsa Myproxy 5.0

  • Ncsa Myproxy 5.1

  • Ncsa Myproxy 5.2


References

MLIST - [security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server

XF - myproxy-ssl-spoofing(64830)

VUPEN - ADV-2011-0227

BID - 45916

SECUNIA - 43103

SECUNIA - 42972

OSVDB - 70494

FEDORA - FEDORA-2011-0512

FEDORA - FEDORA-2011-0514

MISC - http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt


Last Updated: 27 May 2016 10:56:02