All the vulnerabilites related to condor_project - condor
cve-2008-3826
Vulnerability from cvelistv5
Published
2008-10-08 20:44
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1021002 | vdb-entry, x_refsource_SECTRACK | |
| http://www.redhat.com/support/errata/RHSA-2008-0924.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/32232 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/32189 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/31621 | vdb-entry, x_refsource_BID | |
| https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/32193 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2008-0911.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.vupen.com/english/advisories/2008/2760 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"name": "1021002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021002"
},
{
"name": "RHSA-2008:0924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"name": "32232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32232"
},
{
"name": "32189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32189"
},
{
"name": "31621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31621"
},
{
"name": "FEDORA-2008-8733",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"name": "32193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32193"
},
{
"name": "RHSA-2008:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"name": "ADV-2008-2760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2760"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-10T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"name": "1021002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021002"
},
{
"name": "RHSA-2008:0924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"name": "32232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32232"
},
{
"name": "32189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32189"
},
{
"name": "31621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31621"
},
{
"name": "FEDORA-2008-8733",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"name": "32193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32193"
},
{
"name": "RHSA-2008:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"name": "ADV-2008-2760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2760"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3826",
"datePublished": "2008-10-08T20:44:00",
"dateReserved": "2008-08-27T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3491
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-09-16 23:55
Severity ?
EPSS score ?
Summary
src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=848214 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/55632 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1fff5d40 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/50666 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/09/20/9 | mailing-list, x_refsource_MLIST | |
| http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848214"
},
{
"name": "55632",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1fff5d40"
},
{
"name": "50666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50666"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-28T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848214"
},
{
"name": "55632",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1fff5d40"
},
{
"name": "50666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50666"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=848214",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848214"
},
{
"name": "55632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "RHSA-2012:1281",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40",
"refsource": "CONFIRM",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40"
},
{
"name": "50666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50666"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3491",
"datePublished": "2012-09-28T17:00:00Z",
"dateReserved": "2012-06-14T00:00:00Z",
"dateUpdated": "2024-09-16T23:55:46.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3829
Vulnerability from cvelistv5
Published
2008-10-08 20:44
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1021002 | vdb-entry, x_refsource_SECTRACK | |
| http://www.redhat.com/support/errata/RHSA-2008-0924.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/32232 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/32189 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/31621 | vdb-entry, x_refsource_BID | |
| https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/32193 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2008-0911.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.vupen.com/english/advisories/2008/2760 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"name": "1021002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021002"
},
{
"name": "RHSA-2008:0924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"name": "32232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32232"
},
{
"name": "32189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32189"
},
{
"name": "31621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31621"
},
{
"name": "FEDORA-2008-8733",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"name": "32193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32193"
},
{
"name": "RHSA-2008:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"name": "ADV-2008-2760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2760"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-10T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"name": "1021002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021002"
},
{
"name": "RHSA-2008:0924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"name": "32232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32232"
},
{
"name": "32189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32189"
},
{
"name": "31621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31621"
},
{
"name": "FEDORA-2008-8733",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"name": "32193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32193"
},
{
"name": "RHSA-2008:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"name": "ADV-2008-2760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2760"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3829",
"datePublished": "2008-10-08T20:44:00",
"dateReserved": "2008-08-27T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3492
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-09-16 22:24
Severity ?
EPSS score ?
Summary
The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/55632 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html | x_refsource_CONFIRM | |
| http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/50666 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/09/20/9 | mailing-list, x_refsource_MLIST | |
| http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55632",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50666"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user\u0027s authentication directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-28T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55632",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50666"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user\u0027s authentication directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1db67805",
"refsource": "CONFIRM",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1db67805"
},
{
"name": "RHSA-2012:1281",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50666"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3492",
"datePublished": "2012-09-28T17:00:00Z",
"dateReserved": "2012-06-14T00:00:00Z",
"dateUpdated": "2024-09-16T22:24:48.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5136
Vulnerability from cvelistv5
Published
2013-10-11 22:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
References
| ▼ | URL | Tags |
|---|---|---|
| https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=540545 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2010-0773.html | vendor-advisory, x_refsource_REDHAT | |
| http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"name": "RHSA-2010:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-11T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"name": "RHSA-2010:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001",
"refsource": "CONFIRM",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=540545",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"name": "RHSA-2010:0773",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"name": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5136",
"datePublished": "2013-10-11T22:00:00Z",
"dateReserved": "2013-10-11T00:00:00Z",
"dateUpdated": "2024-09-17T03:23:50.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4255
Vulnerability from cvelistv5
Published
2013-10-11 22:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1172.html | vendor-advisory, x_refsource_REDHAT | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1171.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=919401 | x_refsource_CONFIRM | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1172.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786"
},
{
"name": "RHSA-2013:1171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1171.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-11T22:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1172.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786"
},
{
"name": "RHSA-2013:1171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1171.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4255",
"datePublished": "2013-10-11T22:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-08-06T16:38:01.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5197
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 20:58
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78974 | vdb-entry, x_refsource_XF | |
| http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html | x_refsource_CONFIRM | |
| http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:58:03.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "condor-multiple-unspecified(78974)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78974"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to \"error checking of system calls.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "condor-multiple-unspecified(78974)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78974"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to \"error checking of system calls.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "condor-multiple-unspecified(78974)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78974"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5197",
"datePublished": "2012-09-28T17:00:00",
"dateReserved": "2012-09-28T00:00:00",
"dateUpdated": "2024-08-06T20:58:03.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4133
Vulnerability from cvelistv5
Published
2009-12-23 18:00
Modified
2024-08-07 06:54
Severity ?
EPSS score ?
Summary
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2009-1689.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54984 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/37766 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2009-1688.html | vendor-advisory, x_refsource_REDHAT | |
| http://securitytracker.com/id?1023378 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/37443 | vdb-entry, x_refsource_BID | |
| http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018 | x_refsource_MISC | |
| http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=544371 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37803 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2009:1689",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"
},
{
"name": "condor-jobs-security-bypass(54984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"
},
{
"name": "37766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37766"
},
{
"name": "RHSA-2009:1688",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"
},
{
"name": "1023378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023378"
},
{
"name": "37443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37443"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"
},
{
"name": "37803",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37803"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2009:1689",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"
},
{
"name": "condor-jobs-security-bypass(54984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"
},
{
"name": "37766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37766"
},
{
"name": "RHSA-2009:1688",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"
},
{
"name": "1023378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023378"
},
{
"name": "37443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37443"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"
},
{
"name": "37803",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37803"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:1689",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"
},
{
"name": "condor-jobs-security-bypass(54984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"
},
{
"name": "37766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37766"
},
{
"name": "RHSA-2009:1688",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"
},
{
"name": "1023378",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023378"
},
{
"name": "37443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37443"
},
{
"name": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018",
"refsource": "MISC",
"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"
},
{
"name": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html",
"refsource": "CONFIRM",
"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=544371",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"
},
{
"name": "37803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37803"
},
{
"name": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000",
"refsource": "CONFIRM",
"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4133",
"datePublished": "2009-12-23T18:00:00",
"dateReserved": "2009-12-01T00:00:00",
"dateUpdated": "2024-08-07T06:54:09.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4930
Vulnerability from cvelistv5
Published
2014-02-10 17:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=759548 | x_refsource_CONFIRM | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-0099.html | vendor-advisory, x_refsource_REDHAT | |
| https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867 | x_refsource_MISC | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660 | x_refsource_CONFIRM | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264 | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2012-0100.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:38.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
},
{
"name": "RHSA-2012:0099",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
},
{
"name": "RHSA-2012:0100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
},
{
"name": "RHSA-2012:0099",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
},
{
"name": "RHSA-2012:0100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4930",
"datePublished": "2014-02-10T17:00:00",
"dateReserved": "2011-12-23T00:00:00",
"dateUpdated": "2024-08-07T00:23:38.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3830
Vulnerability from cvelistv5
Published
2008-10-08 20:44
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1021002 | vdb-entry, x_refsource_SECTRACK | |
| http://www.redhat.com/support/errata/RHSA-2008-0924.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/32232 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/32189 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/31621 | vdb-entry, x_refsource_BID | |
| https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/32193 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2008-0911.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.vupen.com/english/advisories/2008/2760 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"name": "1021002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021002"
},
{
"name": "RHSA-2008:0924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"name": "32232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32232"
},
{
"name": "32189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32189"
},
{
"name": "31621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31621"
},
{
"name": "FEDORA-2008-8733",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"name": "32193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32193"
},
{
"name": "RHSA-2008:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"name": "ADV-2008-2760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2760"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-10T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"name": "1021002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021002"
},
{
"name": "RHSA-2008:0924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"name": "32232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32232"
},
{
"name": "32189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32189"
},
{
"name": "31621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31621"
},
{
"name": "FEDORA-2008-8733",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"name": "32193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32193"
},
{
"name": "RHSA-2008:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"name": "ADV-2008-2760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2760"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3830",
"datePublished": "2008-10-08T20:44:00",
"dateReserved": "2008-08-27T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5390
Vulnerability from cvelistv5
Published
2014-06-06 14:00
Modified
2024-08-06 21:05
Severity ?
EPSS score ?
Summary
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.
References
| ▼ | URL | Tags |
|---|---|---|
| http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/57328 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/51862 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html"
},
{
"name": "57328",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57328"
},
{
"name": "51862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html"
},
{
"name": "57328",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57328"
},
{
"name": "51862",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51862"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html"
},
{
"name": "57328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57328"
},
{
"name": "51862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51862"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5390",
"datePublished": "2014-06-06T14:00:00",
"dateReserved": "2012-10-17T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5196
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 20:58
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78975 | vdb-entry, x_refsource_XF | |
| http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:58:03.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "condor-multiple-bo(78975)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "condor-multiple-bo(78975)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "condor-multiple-bo(78975)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78975"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5196",
"datePublished": "2012-09-28T17:00:00",
"dateReserved": "2012-09-28T00:00:00",
"dateUpdated": "2024-08-06T20:58:03.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4462
Vulnerability from cvelistv5
Published
2013-03-12 15:00
Modified
2024-08-06 20:35
Severity ?
EPSS score ?
Summary
aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option.
References
| ▼ | URL | Tags |
|---|---|---|
| https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84 | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2013-0564.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-0565.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=860850 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84"
},
{
"name": "RHSA-2013:0564",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0564.html"
},
{
"name": "RHSA-2013:0565",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0565.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T15:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84"
},
{
"name": "RHSA-2013:0564",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0564.html"
},
{
"name": "RHSA-2013:0565",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0565.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4462",
"datePublished": "2013-03-12T15:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-08-06T20:35:09.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3416
Vulnerability from cvelistv5
Published
2012-08-25 10:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77748 | vdb-entry, x_refsource_XF | |
| http://rhn.redhat.com/errata/RHSA-2012-1168.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id?1027395 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/84766 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/50246 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/55032 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/50294 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2012-1169.html | vendor-advisory, x_refsource_REDHAT | |
| http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "condor-reverse-dns-security-bypass(77748)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748"
},
{
"name": "RHSA-2012:1168",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1168.html"
},
{
"name": "1027395",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027395"
},
{
"name": "84766",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/84766"
},
{
"name": "50246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50246"
},
{
"name": "55032",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55032"
},
{
"name": "50294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50294"
},
{
"name": "RHSA-2012:1169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1169.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "condor-reverse-dns-security-bypass(77748)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748"
},
{
"name": "RHSA-2012:1168",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1168.html"
},
{
"name": "1027395",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027395"
},
{
"name": "84766",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/84766"
},
{
"name": "50246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50246"
},
{
"name": "55032",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55032"
},
{
"name": "50294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50294"
},
{
"name": "RHSA-2012:1169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1169.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3416",
"datePublished": "2012-08-25T10:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3424
Vulnerability from cvelistv5
Published
2008-07-31 22:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/31423 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2008-0816.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/31459 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html | vendor-advisory, x_refsource_FEDORA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44063 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1020646 | vdb-entry, x_refsource_SECTRACK | |
| http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/30440 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/31284 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2008-0814.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31423"
},
{
"name": "RHSA-2008:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0816.html"
},
{
"name": "31459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31459"
},
{
"name": "FEDORA-2008-7205",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html"
},
{
"name": "condor-authpolicy-security-bypass(44063)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44063"
},
{
"name": "1020646",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020646"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4"
},
{
"name": "30440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30440"
},
{
"name": "31284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31284"
},
{
"name": "RHSA-2008:0814",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0814.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31423"
},
{
"name": "RHSA-2008:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0816.html"
},
{
"name": "31459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31459"
},
{
"name": "FEDORA-2008-7205",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html"
},
{
"name": "condor-authpolicy-security-bypass(44063)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44063"
},
{
"name": "1020646",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020646"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4"
},
{
"name": "30440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30440"
},
{
"name": "31284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31284"
},
{
"name": "RHSA-2008:0814",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0814.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31423"
},
{
"name": "RHSA-2008:0816",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0816.html"
},
{
"name": "31459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31459"
},
{
"name": "FEDORA-2008-7205",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html"
},
{
"name": "condor-authpolicy-security-bypass(44063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44063"
},
{
"name": "1020646",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020646"
},
{
"name": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4",
"refsource": "CONFIRM",
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4"
},
{
"name": "30440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30440"
},
{
"name": "31284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31284"
},
{
"name": "RHSA-2008:0814",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0814.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3424",
"datePublished": "2008-07-31T22:00:00",
"dateReserved": "2008-07-31T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3828
Vulnerability from cvelistv5
Published
2008-10-08 20:44
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1021002 | vdb-entry, x_refsource_SECTRACK | |
| http://www.redhat.com/support/errata/RHSA-2008-0924.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/32232 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/32189 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/31621 | vdb-entry, x_refsource_BID | |
| https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/32193 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2008-0911.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.vupen.com/english/advisories/2008/2760 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"name": "1021002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021002"
},
{
"name": "RHSA-2008:0924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"name": "32232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32232"
},
{
"name": "32189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32189"
},
{
"name": "31621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31621"
},
{
"name": "FEDORA-2008-8733",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"name": "32193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32193"
},
{
"name": "RHSA-2008:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"name": "ADV-2008-2760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2760"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-10T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"name": "1021002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021002"
},
{
"name": "RHSA-2008:0924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"name": "32232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32232"
},
{
"name": "32189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32189"
},
{
"name": "31621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31621"
},
{
"name": "FEDORA-2008-8733",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"name": "32193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32193"
},
{
"name": "RHSA-2008:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"name": "ADV-2008-2760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2760"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3828",
"datePublished": "2008-10-08T20:44:00",
"dateReserved": "2008-08-27T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3493
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-09-16 22:51
Severity ?
EPSS score ?
Summary
The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/55632 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=d2f33972 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/50666 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=848222 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/09/20/9 | mailing-list, x_refsource_MLIST | |
| http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55632",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=d2f33972"
},
{
"name": "50666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50666"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848222"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-28T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55632",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=d2f33972"
},
{
"name": "50666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50666"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848222"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "RHSA-2012:1281",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=d2f33972",
"refsource": "CONFIRM",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=d2f33972"
},
{
"name": "50666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50666"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=848222",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848222"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3493",
"datePublished": "2012-09-28T17:00:00Z",
"dateReserved": "2012-06-14T00:00:00Z",
"dateUpdated": "2024-09-16T22:51:51.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2008-10-08 22:00
Modified
2024-11-21 00:50
Severity ?
Summary
Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | * | |
| condor_project | condor | 6.8.0 | |
| condor_project | condor | 6.8.1 | |
| condor_project | condor | 6.8.2 | |
| condor_project | condor | 6.8.3 | |
| condor_project | condor | 6.8.4 | |
| condor_project | condor | 6.8.5 | |
| condor_project | condor | 6.8.6 | |
| condor_project | condor | 6.8.7 | |
| condor_project | condor | 6.8.8 | |
| condor_project | condor | 6.8.9 | |
| condor_project | condor | 7.0.0 | |
| condor_project | condor | 7.0.1 | |
| condor_project | condor | 7.0.2 | |
| condor_project | condor | 7.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1ED29E-B24F-4233-A506-38C078DA3A0C",
"versionEndIncluding": "7.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions."
},
{
"lang": "es",
"value": "Condor anterior a v7.0.5 no maneja adecuadamente cuando la configuraci\u00f3n especifica un solapamiento de m\u00e1scaras de red en las reglas de \"alow\" (permitir) o \"deny\" (denegar); esto provoca que se ignore la regla y permite a los atacantes evitar las restricciones de acceso pretendidas."
}
],
"id": "CVE-2008-3830",
"lastModified": "2024-11-21T00:50:13.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-08T22:00:01.950",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32189"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32193"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32232"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/31621"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1021002"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2760"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-08 22:00
Modified
2024-11-21 00:50
Severity ?
Summary
Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | * | |
| condor_project | condor | 6.8.0 | |
| condor_project | condor | 6.8.1 | |
| condor_project | condor | 6.8.2 | |
| condor_project | condor | 6.8.3 | |
| condor_project | condor | 6.8.4 | |
| condor_project | condor | 6.8.5 | |
| condor_project | condor | 6.8.6 | |
| condor_project | condor | 6.8.7 | |
| condor_project | condor | 6.8.8 | |
| condor_project | condor | 6.8.9 | |
| condor_project | condor | 7.0.0 | |
| condor_project | condor | 7.0.1 | |
| condor_project | condor | 7.0.2 | |
| condor_project | condor | 7.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1ED29E-B24F-4233-A506-38C078DA3A0C",
"versionEndIncluding": "7.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Condor anterior a v7.0.5, permite a los atacantes ejecutar trabajos como si fueran otros usuarios, a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-3826",
"lastModified": "2024-11-21T00:50:12.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-08T22:00:01.810",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32189"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32193"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32232"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/31621"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1021002"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2760"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-25 10:29
Modified
2024-11-21 01:40
Severity ?
Summary
Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F911C534-53BA-45D8-8BA0-3128DD6D7859",
"versionEndIncluding": "7.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D17C7D49-C87C-4531-9F60-AEA8217BC47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2F33EBED-0ADB-4C56-96CC-06D5CF8838AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F3C190-977B-4FFA-8DA6-6C1DC337FE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC9E5EA-CD6B-401A-ACD5-0FA64A32DD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A5888B30-EFC0-49D7-BDFC-219226A3BE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "7755344E-DC90-4B34-A701-8F9181F33A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5985B827-0494-4B99-A0CC-3F2DCB486BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D49E49-D7C3-4A8D-87DF-26BFE479F0D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B921A880-DCC2-4AEB-A113-4AD520AA75D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C31EBEA-2CB0-4910-B644-BAA5CB900DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAA688-530F-4049-AEF7-B302F984DCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "E83A28AE-9DDD-4C26-95AF-F8CB3600260B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "A9290686-AD5A-47DB-9CF8-4340446198A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68301687-793B-4A68-B1FB-A2B941A230C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname."
},
{
"lang": "es",
"value": "Condor antes de v7.8.2 permite a atacantes remotos evitar la auntenticaci\u00f3n basada en host y ejecutar acciones como ALLOW_ADMINISTRATOR o ALLOW_WRITE conectando desde un sistema con un hostname DNS inverso falsificado"
}
],
"id": "CVE-2012-3416",
"lastModified": "2024-11-21T01:40:49.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-25T10:29:50.617",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/84766"
},
{
"source": "secalert@redhat.com",
"url": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1168.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1169.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50246"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50294"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55032"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1027395"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/84766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1168.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1169.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:40
Severity ?
Summary
src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.6.0 | |
| condor_project | condor | 7.6.1 | |
| condor_project | condor | 7.6.2 | |
| condor_project | condor | 7.6.3 | |
| condor_project | condor | 7.6.4 | |
| condor_project | condor | 7.6.5 | |
| condor_project | condor | 7.6.6 | |
| condor_project | condor | 7.6.7 | |
| condor_project | condor | 7.6.8 | |
| condor_project | condor | 7.6.9 | |
| condor_project | condor | 7.8.0 | |
| condor_project | condor | 7.8.1 | |
| condor_project | condor | 7.8.2 | |
| condor_project | condor | 7.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A6DF33-B8D9-41DA-8620-5C93813E7971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA2856A-EE5A-4E64-BF4B-2101D782B2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "59C2E93D-5983-4F40-AE61-B299FFB84E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5EDBB354-1B7E-43D1-B23F-35309272A37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B660525B-3A88-4AF2-86E6-B8E93B65DF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6855FF-3285-48CA-951B-7B2CD53CCB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "536EBEBB-3957-4080-84D8-AC77A1452F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31EC8BC4-F8F8-41E5-A823-D640B2719554",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors."
},
{
"lang": "es",
"value": "src/condor_schedd.V6/schedd.cpp en Condor v7.6.x antes de v7.6.10 y v7.8.x antes de v7.8.4 no comprueba correctamente los permisos de los trabajos (jobs), lo que permite a usuarios remotos autenticados, eliminar los trabajos (jobs) de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-3491",
"lastModified": "2024-11-21T01:40:59.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:01.240",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1fff5d40"
},
{
"source": "secalert@redhat.com",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"source": "secalert@redhat.com",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50666"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1fff5d40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848214"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-08 22:00
Modified
2024-11-21 00:50
Severity ?
Summary
Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | * | |
| condor_project | condor | 6.8.0 | |
| condor_project | condor | 6.8.1 | |
| condor_project | condor | 6.8.2 | |
| condor_project | condor | 6.8.3 | |
| condor_project | condor | 6.8.4 | |
| condor_project | condor | 6.8.5 | |
| condor_project | condor | 6.8.6 | |
| condor_project | condor | 6.8.7 | |
| condor_project | condor | 6.8.8 | |
| condor_project | condor | 6.8.9 | |
| condor_project | condor | 7.0.0 | |
| condor_project | condor | 7.0.1 | |
| condor_project | condor | 7.0.2 | |
| condor_project | condor | 7.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1ED29E-B24F-4233-A506-38C078DA3A0C",
"versionEndIncluding": "7.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el demonio (daemon) condor_ schedd de Condor anterior a v7.0.5, permite a los atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-3829",
"lastModified": "2024-11-21T00:50:13.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-08T22:00:01.920",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32189"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32193"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32232"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/31621"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1021002"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2760"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-31 22:41
Modified
2024-11-21 00:49
Severity ?
Summary
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | * | |
| fedoraproject | fedora | 9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "501E4937-0F98-4B63-8054-04FC01B9B0C3",
"versionEndExcluding": "7.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
"matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions."
},
{
"lang": "es",
"value": "Condor versiones anteriores a la 7.0.4 no gestiona correctamente los caracteres especiales en las variables de configuraci\u00f3n ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, o HOSTDENY_WRITE en los listas de pol\u00edticas de autorizaci\u00f3n, lo cual podr\u00eda permitir a los atacantes remotos saltarse las restricciones de acceso previstas."
}
],
"id": "CVE-2008-3424",
"lastModified": "2024-11-21T00:49:13.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-31T22:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31284"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31423"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31459"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0814.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0816.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30440"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020646"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44063"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0814.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0816.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:40
Severity ?
Summary
The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.6.0 | |
| condor_project | condor | 7.6.1 | |
| condor_project | condor | 7.6.2 | |
| condor_project | condor | 7.6.3 | |
| condor_project | condor | 7.6.4 | |
| condor_project | condor | 7.6.5 | |
| condor_project | condor | 7.6.6 | |
| condor_project | condor | 7.6.7 | |
| condor_project | condor | 7.6.8 | |
| condor_project | condor | 7.6.9 | |
| condor_project | condor | 7.8.0 | |
| condor_project | condor | 7.8.1 | |
| condor_project | condor | 7.8.2 | |
| condor_project | condor | 7.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A6DF33-B8D9-41DA-8620-5C93813E7971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA2856A-EE5A-4E64-BF4B-2101D782B2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "59C2E93D-5983-4F40-AE61-B299FFB84E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5EDBB354-1B7E-43D1-B23F-35309272A37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B660525B-3A88-4AF2-86E6-B8E93B65DF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6855FF-3285-48CA-951B-7B2CD53CCB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "536EBEBB-3957-4080-84D8-AC77A1452F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31EC8BC4-F8F8-41E5-A823-D640B2719554",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user\u0027s authentication directory."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n de sistema de archivos (condor_io/condor_auth_fs.cpp) en Condor v7.6.x antes de v7.6.10 y v7.8.x antes de v7.8.4 utiliza directorios de autenticaci\u00f3n, incluso cuando tienen permisos d\u00e9biles, lo que permite a atacantes remotos suplantar a los usuarios mediante el renombreado de los directorios de los usuarios."
}
],
"id": "CVE-2012-3492",
"lastModified": "2024-11-21T01:40:59.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:01.303",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805"
},
{
"source": "secalert@redhat.com",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"source": "secalert@redhat.com",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50666"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-06 14:55
Modified
2024-11-21 01:44
Severity ?
Summary
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.9.0 | |
| condor_project | condor | 7.8.0 | |
| condor_project | condor | 7.8.1 | |
| condor_project | condor | 7.8.2 | |
| condor_project | condor | 7.8.3 | |
| condor_project | condor | 7.8.4 | |
| condor_project | condor | 7.7.3 | |
| condor_project | condor | 7.7.4 | |
| condor_project | condor | 7.7.5 | |
| condor_project | condor | 7.7.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12276DD9-6777-453A-8246-152CE4C8FCD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6855FF-3285-48CA-951B-7B2CD53CCB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "536EBEBB-3957-4080-84D8-AC77A1452F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31EC8BC4-F8F8-41E5-A823-D640B2719554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0A997604-130B-469F-A150-B96FE1F3942D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2F6B46-B99F-4832-95A5-9F758DC56010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2C37E677-EA9D-4D31-9D6A-24501E51FCC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E78B62-0DD3-4953-AB95-6880ED7A60DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3318A37-27D8-4D12-B59E-FF5ED12953FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job."
},
{
"lang": "es",
"value": "El componente Standard Universe Shadow (condor_shadow.std) en Condor 7.7.3 hasta 7.7.6, 7.8.0 anterior a 7.8.5 y 7.9.0 no comprueba debidamente los privilegios, lo que permite a atacantes remotos ganar privilegios a trav\u00e9s de un Standard Universe Job manipulado."
}
],
"id": "CVE-2012-5390",
"lastModified": "2024-11-21T01:44:39.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-06T14:55:03.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/51862"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/57328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57328"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:40
Severity ?
Summary
The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.6.0 | |
| condor_project | condor | 7.6.1 | |
| condor_project | condor | 7.6.2 | |
| condor_project | condor | 7.6.3 | |
| condor_project | condor | 7.6.4 | |
| condor_project | condor | 7.6.5 | |
| condor_project | condor | 7.6.6 | |
| condor_project | condor | 7.6.7 | |
| condor_project | condor | 7.6.8 | |
| condor_project | condor | 7.6.9 | |
| condor_project | condor | 7.8.0 | |
| condor_project | condor | 7.8.1 | |
| condor_project | condor | 7.8.2 | |
| condor_project | condor | 7.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A6DF33-B8D9-41DA-8620-5C93813E7971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA2856A-EE5A-4E64-BF4B-2101D782B2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "59C2E93D-5983-4F40-AE61-B299FFB84E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5EDBB354-1B7E-43D1-B23F-35309272A37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B660525B-3A88-4AF2-86E6-B8E93B65DF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6855FF-3285-48CA-951B-7B2CD53CCB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "536EBEBB-3957-4080-84D8-AC77A1452F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31EC8BC4-F8F8-41E5-A823-D640B2719554",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId."
},
{
"lang": "es",
"value": "La funci\u00f3n command_give_request_ad en condor_startd.V6/command.cpp en Condor v7.6.x antes de v7.6.10 y v7.8.x antes de v7.8.4 permite a atacantes remotos obtener informaci\u00f3n sensible y posiblemente controlar o iniciar trabajos (jobs) de su elecci\u00f3n a trav\u00e9s de una solicitud ClassAd al puerto condor_startd, lo provoca una fuga del ClaimID."
}
],
"id": "CVE-2012-3493",
"lastModified": "2024-11-21T01:40:59.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:01.350",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=d2f33972"
},
{
"source": "secalert@redhat.com",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"source": "secalert@redhat.com",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50666"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=d2f33972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848222"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-08 22:00
Modified
2024-11-21 00:50
Severity ?
Summary
Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | * | |
| condor_project | condor | 6.8.0 | |
| condor_project | condor | 6.8.1 | |
| condor_project | condor | 6.8.2 | |
| condor_project | condor | 6.8.3 | |
| condor_project | condor | 6.8.4 | |
| condor_project | condor | 6.8.5 | |
| condor_project | condor | 6.8.6 | |
| condor_project | condor | 6.8.7 | |
| condor_project | condor | 6.8.8 | |
| condor_project | condor | 6.8.9 | |
| condor_project | condor | 7.0.0 | |
| condor_project | condor | 7.0.1 | |
| condor_project | condor | 7.0.2 | |
| condor_project | condor | 7.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1ED29E-B24F-4233-A506-38C078DA3A0C",
"versionEndIncluding": "7.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el demonio (daemon) condor_schedd de Condor anterior a v7.0.5; permite a los atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda) y puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-3828",
"lastModified": "2024-11-21T00:50:13.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-08T22:00:01.887",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32189"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32193"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32232"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/31621"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1021002"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2760"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:44
Severity ?
Summary
Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.6.0 | |
| condor_project | condor | 7.6.1 | |
| condor_project | condor | 7.6.2 | |
| condor_project | condor | 7.6.3 | |
| condor_project | condor | 7.6.4 | |
| condor_project | condor | 7.6.5 | |
| condor_project | condor | 7.6.6 | |
| condor_project | condor | 7.6.7 | |
| condor_project | condor | 7.6.8 | |
| condor_project | condor | 7.6.9 | |
| condor_project | condor | 7.8.0 | |
| condor_project | condor | 7.8.1 | |
| condor_project | condor | 7.8.2 | |
| condor_project | condor | 7.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A6DF33-B8D9-41DA-8620-5C93813E7971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA2856A-EE5A-4E64-BF4B-2101D782B2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "59C2E93D-5983-4F40-AE61-B299FFB84E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5EDBB354-1B7E-43D1-B23F-35309272A37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B660525B-3A88-4AF2-86E6-B8E93B65DF61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6855FF-3285-48CA-951B-7B2CD53CCB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "536EBEBB-3957-4080-84D8-AC77A1452F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31EC8BC4-F8F8-41E5-A823-D640B2719554",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to \"error checking of system calls.\""
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en Condor v7.6.x antes de v7.6.10 y v7.8.x antes de v7.8.4 tienen vectores de ataque desconocidos y un impacto relacionado con \"la comprobaci\u00f3n de errores de llamadas al sistema.\""
}
],
"id": "CVE-2012-5197",
"lastModified": "2024-11-21T01:44:14.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:01.443",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78974"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-11 22:55
Modified
2024-11-21 01:11
Severity ?
Summary
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | * | |
| condor_project | condor | 7.4.0 | |
| redhat | enterprise_mrg | 1.0 | |
| redhat | enterprise_mrg | 1.0.1 | |
| redhat | enterprise_mrg | 1.0.2 | |
| redhat | enterprise_mrg | 1.0.3 | |
| redhat | enterprise_mrg | 1.1.1 | |
| redhat | enterprise_mrg | 1.1.2 | |
| redhat | enterprise_mrg | 1.2 | |
| redhat | enterprise_mrg | 1.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDEB31F-4DF7-4639-A1E7-6BAAB4CA7303",
"versionEndIncluding": "7.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4E172C-4FBD-40AA-91F1-2858A74C5483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A4D28-0EC4-4584-9126-A47003CD06AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12EE56E2-D7B7-4BF6-BC1F-86B8EE77F064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F9A3A7B-4A61-4F2C-A8F9-D428B690294E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C6E954-7BBE-4214-9407-86322372FCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED639614-7AE8-4DDE-9FE3-1554FE59202C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD09E081-B714-45A1-ACBB-28D805BFD01C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC7F3E0-9E2A-4FBF-A4E5-9CCBC8D4C7CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
},
{
"lang": "es",
"value": "La pol\u00edtica de definici\u00f3n evaluadora en Condor anterior a la versi\u00f3n 7.4.2 no maneja adecuadamente atributos en una pol\u00edtica WANT_SUSPEND que da como resultado un estado UNDEFINIED, lo que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (condor_startd exit) a trav\u00e9s de un trabajo manipulado."
}
],
"id": "CVE-2009-5136",
"lastModified": "2024-11-21T01:11:14.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-11T22:55:35.910",
"references": [
{
"source": "cve@mitre.org",
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"source": "cve@mitre.org",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-11 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | * | |
| condor_project | condor | 7.5.4 | |
| redhat | enterprise_mrg | 2.0 | |
| redhat | enterprise_mrg | 2.1 | |
| redhat | enterprise_mrg | 2.2 | |
| redhat | enterprise_mrg | 2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE7A59E-1CF0-4DE8-84ED-5B6434C86574",
"versionEndIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8464E672-FEB8-4EC2-97EA-D6615DB22F28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2A5DA2-081C-4524-AE73-F9EFB23B412A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87927ABB-0BDC-493C-B4F4-E979B03DAC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15856E6B-7BF3-4377-8708-574F3F7334D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
},
{
"lang": "es",
"value": "La pol\u00edtica de definici\u00f3n evaluadora en Condor 7.5.4, 8.0.0, y versiones anteriores no trata correctamente los atributos de una (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, o (5) KILL pol\u00edtica que evalua un estado No Configurado, Indefinido o estado de error, lo que permite a los usuarios remotos autenticados causar una denegaci\u00f3n de servicio (salida condor_startd) a trav\u00e9s de un trabajo manipulad"
}
],
"id": "CVE-2013-4255",
"lastModified": "2024-11-21T01:55:13.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-11T22:55:39.910",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1171.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1172.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1171.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1172.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-14 03:10
Modified
2024-11-21 01:42
Severity ?
Summary
aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.8.0 | |
| redhat | enterprise_mrg | 2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15856E6B-7BF3-4377-8708-574F3F7334D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option."
},
{
"lang": "es",
"value": "aviary/jobcontrol.py de Condor, es usado en Red Hat Enterprise MRG v2.3, cuando se eliminan tareas, permite a atacantes remotos causar una denegaci\u00f3n de servicios (condor_schedd reinicio) a trav\u00e9s de corchetes en la opci\u00f3n cproc."
}
],
"id": "CVE-2012-4462",
"lastModified": "2024-11-21T01:42:56.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-14T03:10:23.503",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0564.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0565.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0564.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0565.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:44
Severity ?
Summary
Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.6.0 | |
| condor_project | condor | 7.6.1 | |
| condor_project | condor | 7.6.2 | |
| condor_project | condor | 7.6.3 | |
| condor_project | condor | 7.6.4 | |
| condor_project | condor | 7.6.5 | |
| condor_project | condor | 7.6.6 | |
| condor_project | condor | 7.6.7 | |
| condor_project | condor | 7.6.8 | |
| condor_project | condor | 7.6.9 | |
| condor_project | condor | 7.8.0 | |
| condor_project | condor | 7.8.1 | |
| condor_project | condor | 7.8.2 | |
| condor_project | condor | 7.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A6DF33-B8D9-41DA-8620-5C93813E7971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA2856A-EE5A-4E64-BF4B-2101D782B2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "59C2E93D-5983-4F40-AE61-B299FFB84E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5EDBB354-1B7E-43D1-B23F-35309272A37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B660525B-3A88-4AF2-86E6-B8E93B65DF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6855FF-3285-48CA-951B-7B2CD53CCB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "536EBEBB-3957-4080-84D8-AC77A1452F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31EC8BC4-F8F8-41E5-A823-D640B2719554",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en Condor v7.6.x antes de v7.6.10 y v7.8.x antes de v7.8.4 tienen un impacto y vectores de ataque desconocidos."
}
],
"id": "CVE-2012-5196",
"lastModified": "2024-11-21T01:44:14.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:01.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78975"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-23 18:30
Modified
2024-11-21 01:08
Severity ?
Summary
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 6.5.4 | |
| condor_project | condor | 6.8.0 | |
| condor_project | condor | 6.8.1 | |
| condor_project | condor | 6.8.2 | |
| condor_project | condor | 6.8.3 | |
| condor_project | condor | 6.8.4 | |
| condor_project | condor | 6.8.5 | |
| condor_project | condor | 6.8.6 | |
| condor_project | condor | 6.8.7 | |
| condor_project | condor | 6.8.8 | |
| condor_project | condor | 6.8.9 | |
| condor_project | condor | 7.0.0 | |
| condor_project | condor | 7.0.1 | |
| condor_project | condor | 7.0.2 | |
| condor_project | condor | 7.0.3 | |
| condor_project | condor | 7.0.4 | |
| condor_project | condor | 7.0.5 | |
| condor_project | condor | 7.0.6 | |
| condor_project | condor | 7.1.0 | |
| condor_project | condor | 7.1.1 | |
| condor_project | condor | 7.1.2 | |
| condor_project | condor | 7.1.3 | |
| condor_project | condor | 7.1.4 | |
| condor_project | condor | 7.2.0 | |
| condor_project | condor | 7.2.1 | |
| condor_project | condor | 7.2.2 | |
| condor_project | condor | 7.2.3 | |
| condor_project | condor | 7.2.4 | |
| condor_project | condor | 7.3.0 | |
| condor_project | condor | 7.3.1 | |
| condor_project | condor | 7.3.2 | |
| condor_project | condor | 7.4.0 | |
| redhat | enterprise_mrg | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D17C7D49-C87C-4531-9F60-AEA8217BC47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F3C190-977B-4FFA-8DA6-6C1DC337FE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC9E5EA-CD6B-401A-ACD5-0FA64A32DD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A5888B30-EFC0-49D7-BDFC-219226A3BE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5985B827-0494-4B99-A0CC-3F2DCB486BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D49E49-D7C3-4A8D-87DF-26BFE479F0D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B921A880-DCC2-4AEB-A113-4AD520AA75D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C31EBEA-2CB0-4910-B644-BAA5CB900DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAA688-530F-4049-AEF7-B302F984DCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD09E081-B714-45A1-ACBB-28D805BFD01C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."
},
{
"lang": "es",
"value": "Condor v6.5.4 hasta v7.2.4, v7.3.x, y v7.4.0, como el usado en MRG, Grid para MRG, y Grid Execute Node para MRG, permite a usuarios autenticados remotamente encolar tareas como un usuario de su elecci\u00f3n, y de ese modo obtener privilegios, usando una herramienta de l\u00ednea de commandos Condor para modificar un atributo de tarea no especificado."
}
],
"id": "CVE-2009-4133",
"lastModified": "2024-11-21T01:08:59.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-23T18:30:00.687",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37766"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37803"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1023378"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/37443"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-10 18:15
Modified
2024-11-21 01:33
Severity ?
Summary
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.2.0 | |
| condor_project | condor | 7.2.1 | |
| condor_project | condor | 7.2.2 | |
| condor_project | condor | 7.2.3 | |
| condor_project | condor | 7.2.4 | |
| condor_project | condor | 7.2.5 | |
| condor_project | condor | 7.3.0 | |
| condor_project | condor | 7.3.1 | |
| condor_project | condor | 7.3.2 | |
| condor_project | condor | 7.4.0 | |
| condor_project | condor | 7.4.1 | |
| condor_project | condor | 7.4.2 | |
| condor_project | condor | 7.5.4 | |
| condor_project | condor | 7.6.0 | |
| condor_project | condor | 7.6.1 | |
| condor_project | condor | 7.6.2 | |
| condor_project | condor | 7.6.3 | |
| condor_project | condor | 7.6.4 | |
| fedoraproject | fedora | 15 | |
| fedoraproject | fedora | 16 | |
| redhat | enterprise_mrg | 1.3 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "14883865-8C31-4D40-B969-D61FE18920C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68301687-793B-4A68-B1FB-A2B941A230C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55E4CE41-D1AF-4187-AA26-FCDEA2F52E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8464E672-FEB8-4EC2-97EA-D6615DB22F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
"matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60D3DD4A-2984-4929-BF6A-30B8CE9B2974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cadena de formato en Condor 7.2.0 hasta 7.6.4 y posiblemente ciertas versiones 7.7.x, como las utilizadas en Red Hat MRG Grid y posiblemente otros productos, permiten a usuarios locales causar una denegaci\u00f3n de servicio (demonio condor_schedd y fallo en el lanzamiento de trabajos) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena de especificadores de formato en (1) la raz\u00f3n de un retraso en un trabajo que utiliza un registro de usuario XML, (2) el nombre de un archivo pendiente de transferir y posiblemente otros vectores no especificados."
}
],
"id": "CVE-2011-4930",
"lastModified": "2024-11-21T01:33:19.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-10T18:15:09.310",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}