FKIE_CVE-2011-4930

Vulnerability from fkie_nvd - Published: 2014-02-10 18:15 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
References
secalert@redhat.comhttp://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.htmlVendor Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0099.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0100.html
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=759548
secalert@redhat.comhttps://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867
secalert@redhat.comhttps://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264
secalert@redhat.comhttps://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429
secalert@redhat.comhttps://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660
af854a3a-2127-422b-91ae-364da2661108http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0099.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0100.html
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=759548
af854a3a-2127-422b-91ae-364da2661108https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867
af854a3a-2127-422b-91ae-364da2661108https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264
af854a3a-2127-422b-91ae-364da2661108https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429
af854a3a-2127-422b-91ae-364da2661108https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660
Impacted products
Vendor Product Version
condor_project condor 7.2.0
condor_project condor 7.2.1
condor_project condor 7.2.2
condor_project condor 7.2.3
condor_project condor 7.2.4
condor_project condor 7.2.5
condor_project condor 7.3.0
condor_project condor 7.3.1
condor_project condor 7.3.2
condor_project condor 7.4.0
condor_project condor 7.4.1
condor_project condor 7.4.2
condor_project condor 7.5.4
condor_project condor 7.6.0
condor_project condor 7.6.1
condor_project condor 7.6.2
condor_project condor 7.6.3
condor_project condor 7.6.4
fedoraproject fedora 15
fedoraproject fedora 16
redhat enterprise_mrg 1.3
redhat enterprise_mrg 2.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "14883865-8C31-4D40-B969-D61FE18920C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68301687-793B-4A68-B1FB-A2B941A230C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E4CE41-D1AF-4187-AA26-FCDEA2F52E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8464E672-FEB8-4EC2-97EA-D6615DB22F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
              "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60D3DD4A-2984-4929-BF6A-30B8CE9B2974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de cadena de formato en Condor 7.2.0 hasta 7.6.4 y posiblemente ciertas versiones 7.7.x, como las utilizadas en Red Hat MRG Grid y posiblemente otros productos, permiten a usuarios locales causar una denegaci\u00f3n de servicio (demonio condor_schedd y fallo en el lanzamiento de trabajos) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena de especificadores de formato en (1) la raz\u00f3n de un retraso en un trabajo que utiliza un registro de usuario XML, (2) el nombre de un archivo pendiente de transferir y posiblemente otros vectores no especificados."
    }
  ],
  "id": "CVE-2011-4930",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-10T18:15:09.310",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.