FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

globus -- Multiple tmpfile races

Affected packages
globus < 4.0.2_20060706

Details

VuXML ID 5039ae61-2c9f-11db-8401-000ae42e9b93
Discovery 2006-08-08
Entry 2006-08-15
Modified 2010-05-12

The Globus Alliance reports:

The proxy generation tool (grid-proxy-init) creates the file, secures the file to provide access only to owner and writes proxy to the file. A race condition exists between the opening of the proxy credentials file, and making sure it is safe file to write to. The checks to ensure this file is accessible only to the owner take place using the filename after the file is opened for writing, but before any data is written.

Various components of the toolkit use files in shared directories to store information, some being sensitive information. For example, the tool to create proxy certificates, stores the generated proxy certificate by default in /tmp. Specific vulnerabilities in handling such files were reported in myproxy-admin-adduser, grid-ca-sign and grid-security-config.

References

CVE Name CVE-2006-4232
CVE Name CVE-2006-4233
URL http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html
URL http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html