CVE-2011-0738 - Vulnerability Details - OpenCVE

MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Globus	Globus Toolkit
Ncsa	Myproxy

Configuration 1 [-]

AND

OR	cpe:2.3:a:ncsa:myproxy:5.0:::::::*
	cpe:2.3:a:ncsa:myproxy:5.1:::::::*
	cpe:2.3:a:ncsa:myproxy:5.2:::::::*

OR	cpe:2.3:a:globus:globus_toolkit:5.0.0:::::::*
	cpe:2.3:a:globus:globus_toolkit:5.0.1:::::::*
	cpe:2.3:a:globus:globus_toolkit:5.0.2:::::::*

No data.

References

Link	Providers
http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html
http://lists.globus.org/pipermail/security-announce/2011-January/000018.html
http://osvdb.org/70494
http://secunia.com/advisories/42972
http://secunia.com/advisories/43103
http://www.securityfocus.com/bid/45916
http://www.vupen.com/english/advisories/2011/0227
https://exchange.xforce.ibmcloud.com/vulnerabilities/64830

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-02-02T00:00:00

Updated: 2024-08-06T22:05:52.932Z

Reserved: 2011-02-01T00:00:00

Link: CVE-2011-0738

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-02-02T01:00:06.987

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-0738

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2011-0514", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"}, {"name": "ADV-2011-0227", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0227"}, {"name": "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"}, {"name": "43103", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43103"}, {"name": "myproxy-ssl-spoofing(64830)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"}, {"name": "FEDORA-2011-0512", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"}, {"tags": ["x_refsource_MISC"], "url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"}, {"name": "45916", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45916"}, {"name": "70494", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/70494"}, {"name": "42972", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42972"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0738", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2011-0514", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"}, {"name": "ADV-2011-0227", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0227"}, {"name": "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server", "refsource": "MLIST", "url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"}, {"name": "43103", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43103"}, {"name": "myproxy-ssl-spoofing(64830)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"}, {"name": "FEDORA-2011-0512", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"}, {"name": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt", "refsource": "MISC", "url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"}, {"name": "45916", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45916"}, {"name": "70494", "refsource": "OSVDB", "url": "http://osvdb.org/70494"}, {"name": "42972", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42972"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:05:52.932Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2011-0514", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"}, {"name": "ADV-2011-0227", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0227"}, {"name": "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"}, {"name": "43103", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43103"}, {"name": "myproxy-ssl-spoofing(64830)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"}, {"name": "FEDORA-2011-0512", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"}, {"name": "45916", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45916"}, {"name": "70494", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/70494"}, {"name": "42972", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42972"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0738", "datePublished": "2011-02-02T00:00:00", "dateReserved": "2011-02-01T00:00:00", "dateUpdated": "2024-08-06T22:05:52.932Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ncsa:myproxy:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7FADB96A-A9AF-48D7-99AB-FE73A4BD54DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncsa:myproxy:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD094F8F-A907-4920-9488-1CDA2F099071", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncsa:myproxy:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7300CC47-9A4E-45FB-A586-2219E68FC8E6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A290F1E-261D-4B41-9D33-A93091BE6E88", "vulnerable": true}, {"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55414096-387E-48E7-BB53-80C0ED73708B", "vulnerable": true}, {"criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "59625B10-2AB6-4E37-987B-B420C25C49E5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation."}, {"lang": "es", "value": "MyProxy v5.0 hasta v5.2, tal como se utiliza en Globus Toolkit v5.0.0 hasta v5.0.2, no comprueba correctamente (1) el nombre de host o (2) la identidad en el certificado X.509 para el myproxy-servidor, lo que permite a atacantes remotos suplantar el servidor y llevar a cabo ataques man-in-the-middle (MITM) a trav\u00e9s de certificados manipulados cuando se ejecuta (a) myproxy-logon o (b) myproxy-get-delegation."}], "id": "CVE-2011-0738", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-02-02T01:00:06.987", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/70494"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42972"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43103"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/45916"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0227"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/70494"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}