CVE-2011-0738 Information
Description
MyProxy 5.0 through 5.2 as used in Globus Toolkit 5.0.0 through 5.0.2 does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.
Reference
http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html http://lists.globus.org/pipermail/security-announce/2011-January/000018.html http://osvdb.org/70494 http://secunia.com/advisories/42972 http://secunia.com/advisories/43103 http://www.securityfocus.com/bid/45916 http://www.vupen.com/english/advisories/2011/0227 https://exchange.xforce.ibmcloud.com/vulnerabilities/64830
Share on: