CVE-2006-4232: Race Condition
First published: Fri Aug 18 2006(Updated: )
Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Globus Toolkit | =3.2.0 | |
| Globus Toolkit | =4.0.0 | |
| Globus Toolkit | =4.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-4232?
CVE-2006-4232 has a medium severity rating due to its local exploitation potential.
How do I fix CVE-2006-4232?
To fix CVE-2006-4232, ensure you update Globus Toolkit to a version later than 20060815.
What systems are affected by CVE-2006-4232?
CVE-2006-4232 affects Globus Toolkit versions 3.2.x, 4.0.x, and 4.1.0 prior to 20060815.
What does CVE-2006-4232 exploit?
CVE-2006-4232 exploits a race condition that allows local users to replace the proxy credentials file.
Can CVE-2006-4232 be exploited remotely?
No, CVE-2006-4232 requires local access to exploit the vulnerability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/references
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/globus
- canonical/globus toolkit
- version/globus toolkit/3.2.0
- version/globus toolkit/4.0.0
- version/globus toolkit/4.1.0