rhsa-2012_1278
Vulnerability from csaf_redhat
Published
2012-09-19 17:33
Modified
2024-12-01 11:55
Summary
Red Hat Security Advisory: Red Hat Enterprise MRG Grid 2.2 security update
Notes
Topic
Updated Grid component packages that fix several security issues, add
various enhancements and fix multiple bugs are now available for Red Hat
Enterprise MRG 2 for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.
A number of unprotected resources (web pages, export functionality, image
viewing) were found in Cumin. An unauthenticated user could bypass intended
access restrictions, resulting in information disclosure. (CVE-2012-2680)
Cumin could generate weak session keys, potentially allowing remote
attackers to predict session keys and obtain unauthorized access to Cumin.
(CVE-2012-2681)
Multiple cross-site scripting flaws in Cumin could allow remote attackers
to inject arbitrary web script on a web page displayed by Cumin.
(CVE-2012-2683)
An SQL injection flaw in Cumin could allow remote attackers to manipulate
the contents of the back-end database via a specially-crafted URL.
(CVE-2012-2684)
When Cumin handled image requests, clients could request images of
arbitrary sizes. This could result in large memory allocations on the Cumin
server, leading to an out-of-memory condition. (CVE-2012-2685)
Cumin did not protect against Cross-Site Request Forgery attacks. If an
attacker could trick a user, who was logged into the Cumin web interface,
into visiting a specially-crafted web page, it could lead to unauthorized
command execution in the Cumin web interface with the privileges of the
logged-in user. (CVE-2012-2734)
A session fixation flaw was found in Cumin. An authenticated user able to
pre-set the Cumin session cookie in a victim's browser could possibly use
this flaw to steal the victim's session after they log into Cumin.
(CVE-2012-2735)
It was found that authenticated users could send a specially-crafted HTTP
POST request to Cumin that would cause it to submit a job attribute change
to Condor. This could be used to change internal Condor attributes,
including the Owner attribute, which could allow Cumin users to elevate
their privileges. (CVE-2012-3459)
It was discovered that Condor's file system authentication challenge
accepted directories with weak permissions (for example, world readable,
writable and executable permissions). If a user created a directory with
such permissions, a local attacker could rename it, allowing them to
execute jobs with the privileges of the victim user. (CVE-2012-3492)
It was discovered that Condor exposed private information in the data in
the ClassAds format served by condor_startd. An unauthenticated user able
to connect to condor_startd's port could request a ClassAd for a running
job, provided they could guess or brute-force the PID of the job. This
could expose the ClaimId which, if obtained, could be used to control the
job as well as start new jobs on the system. (CVE-2012-3493)
It was discovered that the ability to abort a job in Condor only required
WRITE authorization, instead of a combination of WRITE authorization and
job ownership. This could allow an authenticated attacker to bypass
intended restrictions and abort any idle job on the system. (CVE-2012-3491)
The above issues were discovered by Florian Weimer of the Red Hat Product
Security Team.
This update also provides defense in depth patches for Condor. (BZ#848212,
BZ#835592, BZ#841173, BZ#843476)
These updated packages for Red Hat Enterprise Linux 5 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some highlights
include:
* Integration with Red Hat Enterprise Virtualization Manager via Deltacloud
* Role enforcement in Cumin
* Cumin authentication integration with LDAP
* Enhanced Red Hat HA integration managing multiple-schedulers nodes
* Generic local resource limits for partitionable slots
* Concurrency limit groups
Space precludes documenting all of these changes in this advisory. Refer to
the Red Hat Enterprise MRG 2 Technical Notes document, linked to in the
References section, for information on these changes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Grid component packages that fix several security issues, add\nvarious enhancements and fix multiple bugs are now available for Red Hat\nEnterprise MRG 2 for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation\nIT infrastructure for enterprise computing. MRG offers increased\nperformance, reliability, interoperability, and faster computing for\nenterprise customers.\n\nA number of unprotected resources (web pages, export functionality, image\nviewing) were found in Cumin. An unauthenticated user could bypass intended\naccess restrictions, resulting in information disclosure. (CVE-2012-2680)\n\nCumin could generate weak session keys, potentially allowing remote\nattackers to predict session keys and obtain unauthorized access to Cumin.\n(CVE-2012-2681)\n\nMultiple cross-site scripting flaws in Cumin could allow remote attackers\nto inject arbitrary web script on a web page displayed by Cumin.\n(CVE-2012-2683)\n\nAn SQL injection flaw in Cumin could allow remote attackers to manipulate\nthe contents of the back-end database via a specially-crafted URL.\n(CVE-2012-2684)\n\nWhen Cumin handled image requests, clients could request images of\narbitrary sizes. This could result in large memory allocations on the Cumin\nserver, leading to an out-of-memory condition. (CVE-2012-2685)\n\nCumin did not protect against Cross-Site Request Forgery attacks. If an\nattacker could trick a user, who was logged into the Cumin web interface,\ninto visiting a specially-crafted web page, it could lead to unauthorized\ncommand execution in the Cumin web interface with the privileges of the\nlogged-in user. (CVE-2012-2734)\n\nA session fixation flaw was found in Cumin. An authenticated user able to\npre-set the Cumin session cookie in a victim\u0027s browser could possibly use\nthis flaw to steal the victim\u0027s session after they log into Cumin.\n(CVE-2012-2735)\n\nIt was found that authenticated users could send a specially-crafted HTTP\nPOST request to Cumin that would cause it to submit a job attribute change\nto Condor. This could be used to change internal Condor attributes,\nincluding the Owner attribute, which could allow Cumin users to elevate\ntheir privileges. (CVE-2012-3459)\n\nIt was discovered that Condor\u0027s file system authentication challenge\naccepted directories with weak permissions (for example, world readable,\nwritable and executable permissions). If a user created a directory with\nsuch permissions, a local attacker could rename it, allowing them to\nexecute jobs with the privileges of the victim user. (CVE-2012-3492)\n\nIt was discovered that Condor exposed private information in the data in\nthe ClassAds format served by condor_startd. An unauthenticated user able\nto connect to condor_startd\u0027s port could request a ClassAd for a running\njob, provided they could guess or brute-force the PID of the job. This\ncould expose the ClaimId which, if obtained, could be used to control the\njob as well as start new jobs on the system. (CVE-2012-3493)\n\nIt was discovered that the ability to abort a job in Condor only required\nWRITE authorization, instead of a combination of WRITE authorization and\njob ownership. This could allow an authenticated attacker to bypass\nintended restrictions and abort any idle job on the system. (CVE-2012-3491)\n\nThe above issues were discovered by Florian Weimer of the Red Hat Product\nSecurity Team.\n\nThis update also provides defense in depth patches for Condor. (BZ#848212,\nBZ#835592, BZ#841173, BZ#843476)\n\nThese updated packages for Red Hat Enterprise Linux 5 provide numerous\nenhancements and bug fixes for the Grid component of MRG. Some highlights\ninclude:\n\n* Integration with Red Hat Enterprise Virtualization Manager via Deltacloud\n* Role enforcement in Cumin\n* Cumin authentication integration with LDAP\n* Enhanced Red Hat HA integration managing multiple-schedulers nodes\n* Generic local resource limits for partitionable slots\n* Concurrency limit groups\n\nSpace precludes documenting all of these changes in this advisory. Refer to\nthe Red Hat Enterprise MRG 2 Technical Notes document, linked to in the\nReferences section, for information on these changes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:1278",
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_5.html#RHSA-2012-1278",
"url": "https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_5.html#RHSA-2012-1278"
},
{
"category": "external",
"summary": "721110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=721110"
},
{
"category": "external",
"summary": "748507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=748507"
},
{
"category": "external",
"summary": "769573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=769573"
},
{
"category": "external",
"summary": "794660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794660"
},
{
"category": "external",
"summary": "799838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799838"
},
{
"category": "external",
"summary": "806071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=806071"
},
{
"category": "external",
"summary": "806079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=806079"
},
{
"category": "external",
"summary": "807738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=807738"
},
{
"category": "external",
"summary": "810519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=810519"
},
{
"category": "external",
"summary": "812126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=812126"
},
{
"category": "external",
"summary": "827558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827558"
},
{
"category": "external",
"summary": "829421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=829421"
},
{
"category": "external",
"summary": "830243",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=830243"
},
{
"category": "external",
"summary": "830245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=830245"
},
{
"category": "external",
"summary": "830248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=830248"
},
{
"category": "external",
"summary": "832124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=832124"
},
{
"category": "external",
"summary": "832151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=832151"
},
{
"category": "external",
"summary": "846501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=846501"
},
{
"category": "external",
"summary": "848212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848212"
},
{
"category": "external",
"summary": "848214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848214"
},
{
"category": "external",
"summary": "848218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848218"
},
{
"category": "external",
"summary": "848222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848222"
},
{
"category": "external",
"summary": "852321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=852321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1278.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise MRG Grid 2.2 security update",
"tracking": {
"current_release_date": "2024-12-01T11:55:17+00:00",
"generator": {
"date": "2024-12-01T11:55:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2012:1278",
"initial_release_date": "2012-09-19T17:33:00+00:00",
"revision_history": [
{
"date": "2012-09-19T17:33:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-09-19T17:40:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-01T11:55:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "MRG Grid for RHEL 5 Server v.2",
"product": {
"name": "MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_mrg:2::el5"
}
}
},
{
"category": "product_name",
"name": "MRG Grid Execute Node for RHEL 5 Server v.2",
"product": {
"name": "MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_mrg:2::el5"
}
}
},
{
"category": "product_name",
"name": "MRG Management for RHEL 5 Server v.2",
"product": {
"name": "MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_mrg:2::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat MRG Messaging for RHEL 5 Server v.2",
"product": {
"name": "Red Hat MRG Messaging for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Messaging-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_mrg:2::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise MRG for RHEL-5"
},
{
"branches": [
{
"category": "product_version",
"name": "wallaby-0:0.12.5-10.el5.src",
"product": {
"name": "wallaby-0:0.12.5-10.el5.src",
"product_id": "wallaby-0:0.12.5-10.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/wallaby@0.12.5-10.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "sesame-0:1.0-4.el5.src",
"product": {
"name": "sesame-0:1.0-4.el5.src",
"product_id": "sesame-0:1.0-4.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sesame@1.0-4.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "condor-wallaby-0:4.1.3-1.el5.src",
"product": {
"name": "condor-wallaby-0:4.1.3-1.el5.src",
"product_id": "condor-wallaby-0:4.1.3-1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-wallaby@4.1.3-1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "cumin-0:0.1.5444-3.el5.src",
"product": {
"name": "cumin-0:0.1.5444-3.el5.src",
"product_id": "cumin-0:0.1.5444-3.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cumin@0.1.5444-3.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "condor-0:7.6.5-0.22.el5.src",
"product": {
"name": "condor-0:7.6.5-0.22.el5.src",
"product_id": "condor-0:7.6.5-0.22.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor@7.6.5-0.22.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "condor-wallaby-base-db-0:1.23-1.el5.src",
"product": {
"name": "condor-wallaby-base-db-0:1.23-1.el5.src",
"product_id": "condor-wallaby-base-db-0:1.23-1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-wallaby-base-db@1.23-1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "wallaby-0:0.12.5-10.el5.noarch",
"product": {
"name": "wallaby-0:0.12.5-10.el5.noarch",
"product_id": "wallaby-0:0.12.5-10.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/wallaby@0.12.5-10.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby-wallaby-0:0.12.5-10.el5.noarch",
"product": {
"name": "ruby-wallaby-0:0.12.5-10.el5.noarch",
"product_id": "ruby-wallaby-0:0.12.5-10.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-wallaby@0.12.5-10.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-wallaby-0:0.12.5-10.el5.noarch",
"product": {
"name": "python-wallaby-0:0.12.5-10.el5.noarch",
"product_id": "python-wallaby-0:0.12.5-10.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-wallaby@0.12.5-10.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "wallaby-utils-0:0.12.5-10.el5.noarch",
"product": {
"name": "wallaby-utils-0:0.12.5-10.el5.noarch",
"product_id": "wallaby-utils-0:0.12.5-10.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/wallaby-utils@0.12.5-10.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "condor-wallaby-client-0:4.1.3-1.el5.noarch",
"product": {
"name": "condor-wallaby-client-0:4.1.3-1.el5.noarch",
"product_id": "condor-wallaby-client-0:4.1.3-1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-wallaby-client@4.1.3-1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-wallabyclient-0:4.1.3-1.el5.noarch",
"product": {
"name": "python-wallabyclient-0:4.1.3-1.el5.noarch",
"product_id": "python-wallabyclient-0:4.1.3-1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-wallabyclient@4.1.3-1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"product": {
"name": "condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"product_id": "condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-wallaby-tools@4.1.3-1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "cumin-0:0.1.5444-3.el5.noarch",
"product": {
"name": "cumin-0:0.1.5444-3.el5.noarch",
"product_id": "cumin-0:0.1.5444-3.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cumin@0.1.5444-3.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "condor-wallaby-base-db-0:1.23-1.el5.noarch",
"product": {
"name": "condor-wallaby-base-db-0:1.23-1.el5.noarch",
"product_id": "condor-wallaby-base-db-0:1.23-1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-wallaby-base-db@1.23-1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "sesame-0:1.0-4.el5.i386",
"product": {
"name": "sesame-0:1.0-4.el5.i386",
"product_id": "sesame-0:1.0-4.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sesame@1.0-4.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "sesame-debuginfo-0:1.0-4.el5.i386",
"product": {
"name": "sesame-debuginfo-0:1.0-4.el5.i386",
"product_id": "sesame-debuginfo-0:1.0-4.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sesame-debuginfo@1.0-4.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"product": {
"name": "condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"product_id": "condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-vm-gahp@7.6.5-0.22.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "condor-kbdd-0:7.6.5-0.22.el5.i386",
"product": {
"name": "condor-kbdd-0:7.6.5-0.22.el5.i386",
"product_id": "condor-kbdd-0:7.6.5-0.22.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-kbdd@7.6.5-0.22.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "condor-debuginfo-0:7.6.5-0.22.el5.i386",
"product": {
"name": "condor-debuginfo-0:7.6.5-0.22.el5.i386",
"product_id": "condor-debuginfo-0:7.6.5-0.22.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-debuginfo@7.6.5-0.22.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "condor-classads-0:7.6.5-0.22.el5.i386",
"product": {
"name": "condor-classads-0:7.6.5-0.22.el5.i386",
"product_id": "condor-classads-0:7.6.5-0.22.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-classads@7.6.5-0.22.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "condor-0:7.6.5-0.22.el5.i386",
"product": {
"name": "condor-0:7.6.5-0.22.el5.i386",
"product_id": "condor-0:7.6.5-0.22.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor@7.6.5-0.22.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "condor-qmf-0:7.6.5-0.22.el5.i386",
"product": {
"name": "condor-qmf-0:7.6.5-0.22.el5.i386",
"product_id": "condor-qmf-0:7.6.5-0.22.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-qmf@7.6.5-0.22.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "condor-aviary-0:7.6.5-0.22.el5.i386",
"product": {
"name": "condor-aviary-0:7.6.5-0.22.el5.i386",
"product_id": "condor-aviary-0:7.6.5-0.22.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-aviary@7.6.5-0.22.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "sesame-0:1.0-4.el5.x86_64",
"product": {
"name": "sesame-0:1.0-4.el5.x86_64",
"product_id": "sesame-0:1.0-4.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sesame@1.0-4.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "sesame-debuginfo-0:1.0-4.el5.x86_64",
"product": {
"name": "sesame-debuginfo-0:1.0-4.el5.x86_64",
"product_id": "sesame-debuginfo-0:1.0-4.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sesame-debuginfo@1.0-4.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"product": {
"name": "condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"product_id": "condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-vm-gahp@7.6.5-0.22.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"product": {
"name": "condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"product_id": "condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-kbdd@7.6.5-0.22.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"product": {
"name": "condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"product_id": "condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-debuginfo@7.6.5-0.22.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "condor-classads-0:7.6.5-0.22.el5.x86_64",
"product": {
"name": "condor-classads-0:7.6.5-0.22.el5.x86_64",
"product_id": "condor-classads-0:7.6.5-0.22.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-classads@7.6.5-0.22.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "condor-0:7.6.5-0.22.el5.x86_64",
"product": {
"name": "condor-0:7.6.5-0.22.el5.x86_64",
"product_id": "condor-0:7.6.5-0.22.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor@7.6.5-0.22.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "condor-qmf-0:7.6.5-0.22.el5.x86_64",
"product": {
"name": "condor-qmf-0:7.6.5-0.22.el5.x86_64",
"product_id": "condor-qmf-0:7.6.5-0.22.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-qmf@7.6.5-0.22.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "condor-aviary-0:7.6.5-0.22.el5.x86_64",
"product": {
"name": "condor-aviary-0:7.6.5-0.22.el5.x86_64",
"product_id": "condor-aviary-0:7.6.5-0.22.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/condor-aviary@7.6.5-0.22.el5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-0:7.6.5-0.22.el5.i386 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-0:7.6.5-0.22.el5.src as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src"
},
"product_reference": "condor-0:7.6.5-0.22.el5.src",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-aviary-0:7.6.5-0.22.el5.i386 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-aviary-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-aviary-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-aviary-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-classads-0:7.6.5-0.22.el5.i386 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-classads-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-classads-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-classads-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-debuginfo-0:7.6.5-0.22.el5.i386 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-debuginfo-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-debuginfo-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-kbdd-0:7.6.5-0.22.el5.i386 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-kbdd-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-kbdd-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-qmf-0:7.6.5-0.22.el5.i386 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-qmf-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-qmf-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-qmf-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-vm-gahp-0:7.6.5-0.22.el5.i386 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-vm-gahp-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-wallaby-0:4.1.3-1.el5.src as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src"
},
"product_reference": "condor-wallaby-0:4.1.3-1.el5.src",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-wallaby-base-db-0:1.23-1.el5.noarch as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch"
},
"product_reference": "condor-wallaby-base-db-0:1.23-1.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-wallaby-base-db-0:1.23-1.el5.src as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src"
},
"product_reference": "condor-wallaby-base-db-0:1.23-1.el5.src",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-wallaby-client-0:4.1.3-1.el5.noarch as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch"
},
"product_reference": "condor-wallaby-client-0:4.1.3-1.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-wallaby-tools-0:4.1.3-1.el5.noarch as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch"
},
"product_reference": "condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cumin-0:0.1.5444-3.el5.noarch as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch"
},
"product_reference": "cumin-0:0.1.5444-3.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cumin-0:0.1.5444-3.el5.src as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src"
},
"product_reference": "cumin-0:0.1.5444-3.el5.src",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-wallaby-0:0.12.5-10.el5.noarch as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch"
},
"product_reference": "python-wallaby-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-wallabyclient-0:4.1.3-1.el5.noarch as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch"
},
"product_reference": "python-wallabyclient-0:4.1.3-1.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-wallaby-0:0.12.5-10.el5.noarch as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch"
},
"product_reference": "ruby-wallaby-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-0:1.0-4.el5.i386 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386"
},
"product_reference": "sesame-0:1.0-4.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-0:1.0-4.el5.src as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src"
},
"product_reference": "sesame-0:1.0-4.el5.src",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-0:1.0-4.el5.x86_64 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64"
},
"product_reference": "sesame-0:1.0-4.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-debuginfo-0:1.0-4.el5.i386 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386"
},
"product_reference": "sesame-debuginfo-0:1.0-4.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-debuginfo-0:1.0-4.el5.x86_64 as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
},
"product_reference": "sesame-debuginfo-0:1.0-4.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wallaby-0:0.12.5-10.el5.noarch as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch"
},
"product_reference": "wallaby-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wallaby-0:0.12.5-10.el5.src as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src"
},
"product_reference": "wallaby-0:0.12.5-10.el5.src",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wallaby-utils-0:0.12.5-10.el5.noarch as a component of MRG Grid for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch"
},
"product_reference": "wallaby-utils-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-0:7.6.5-0.22.el5.i386 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-0:7.6.5-0.22.el5.src as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src"
},
"product_reference": "condor-0:7.6.5-0.22.el5.src",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-aviary-0:7.6.5-0.22.el5.i386 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-aviary-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-aviary-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-aviary-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-classads-0:7.6.5-0.22.el5.i386 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-classads-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-classads-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-classads-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-debuginfo-0:7.6.5-0.22.el5.i386 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-debuginfo-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-debuginfo-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-kbdd-0:7.6.5-0.22.el5.i386 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-kbdd-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-kbdd-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-qmf-0:7.6.5-0.22.el5.i386 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-qmf-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-qmf-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-qmf-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-vm-gahp-0:7.6.5-0.22.el5.i386 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386"
},
"product_reference": "condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-vm-gahp-0:7.6.5-0.22.el5.x86_64 as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64"
},
"product_reference": "condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-wallaby-0:4.1.3-1.el5.src as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src"
},
"product_reference": "condor-wallaby-0:4.1.3-1.el5.src",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-wallaby-base-db-0:1.23-1.el5.noarch as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch"
},
"product_reference": "condor-wallaby-base-db-0:1.23-1.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-wallaby-base-db-0:1.23-1.el5.src as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src"
},
"product_reference": "condor-wallaby-base-db-0:1.23-1.el5.src",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-wallaby-client-0:4.1.3-1.el5.noarch as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch"
},
"product_reference": "condor-wallaby-client-0:4.1.3-1.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "condor-wallaby-tools-0:4.1.3-1.el5.noarch as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch"
},
"product_reference": "condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-wallaby-0:0.12.5-10.el5.noarch as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch"
},
"product_reference": "python-wallaby-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-wallabyclient-0:4.1.3-1.el5.noarch as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch"
},
"product_reference": "python-wallabyclient-0:4.1.3-1.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-wallaby-0:0.12.5-10.el5.noarch as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch"
},
"product_reference": "ruby-wallaby-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wallaby-0:0.12.5-10.el5.noarch as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch"
},
"product_reference": "wallaby-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wallaby-0:0.12.5-10.el5.src as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src"
},
"product_reference": "wallaby-0:0.12.5-10.el5.src",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wallaby-utils-0:0.12.5-10.el5.noarch as a component of MRG Grid Execute Node for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch"
},
"product_reference": "wallaby-utils-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Grid-Execute-Node-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cumin-0:0.1.5444-3.el5.noarch as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch"
},
"product_reference": "cumin-0:0.1.5444-3.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cumin-0:0.1.5444-3.el5.src as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src"
},
"product_reference": "cumin-0:0.1.5444-3.el5.src",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-wallaby-0:0.12.5-10.el5.noarch as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch"
},
"product_reference": "python-wallaby-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-wallaby-0:0.12.5-10.el5.noarch as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch"
},
"product_reference": "ruby-wallaby-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-0:1.0-4.el5.i386 as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386"
},
"product_reference": "sesame-0:1.0-4.el5.i386",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-0:1.0-4.el5.src as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:sesame-0:1.0-4.el5.src"
},
"product_reference": "sesame-0:1.0-4.el5.src",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-0:1.0-4.el5.x86_64 as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64"
},
"product_reference": "sesame-0:1.0-4.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-debuginfo-0:1.0-4.el5.i386 as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386"
},
"product_reference": "sesame-debuginfo-0:1.0-4.el5.i386",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-debuginfo-0:1.0-4.el5.x86_64 as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
},
"product_reference": "sesame-debuginfo-0:1.0-4.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wallaby-0:0.12.5-10.el5.noarch as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch"
},
"product_reference": "wallaby-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wallaby-0:0.12.5-10.el5.src as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src"
},
"product_reference": "wallaby-0:0.12.5-10.el5.src",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wallaby-utils-0:0.12.5-10.el5.noarch as a component of MRG Management for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch"
},
"product_reference": "wallaby-utils-0:0.12.5-10.el5.noarch",
"relates_to_product_reference": "5Server-MRG-Management-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-0:1.0-4.el5.i386 as a component of Red Hat MRG Messaging for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386"
},
"product_reference": "sesame-0:1.0-4.el5.i386",
"relates_to_product_reference": "5Server-MRG-Messaging-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-0:1.0-4.el5.src as a component of Red Hat MRG Messaging for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src"
},
"product_reference": "sesame-0:1.0-4.el5.src",
"relates_to_product_reference": "5Server-MRG-Messaging-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-0:1.0-4.el5.x86_64 as a component of Red Hat MRG Messaging for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64"
},
"product_reference": "sesame-0:1.0-4.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Messaging-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-debuginfo-0:1.0-4.el5.i386 as a component of Red Hat MRG Messaging for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386"
},
"product_reference": "sesame-debuginfo-0:1.0-4.el5.i386",
"relates_to_product_reference": "5Server-MRG-Messaging-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sesame-debuginfo-0:1.0-4.el5.x86_64 as a component of Red Hat MRG Messaging for RHEL 5 Server v.2",
"product_id": "5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
},
"product_reference": "sesame-debuginfo-0:1.0-4.el5.x86_64",
"relates_to_product_reference": "5Server-MRG-Messaging-2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-2680",
"discovery_date": "2012-05-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "829421"
}
],
"notes": [
{
"category": "description",
"text": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) \"web pages,\" (2) \"export functionality,\" and (3) \"image viewing.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cumin: authentication bypass flaws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-2680"
},
{
"category": "external",
"summary": "RHBZ#829421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=829421"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-2680",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-2680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2680"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cumin: authentication bypass flaws"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-2681",
"discovery_date": "2012-05-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "827558"
}
],
"notes": [
{
"category": "description",
"text": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cumin: weak session keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-2681"
},
{
"category": "external",
"summary": "RHBZ#827558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=827558"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-2681",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-2681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2681"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cumin: weak session keys"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-2683",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2012-05-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "830243"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) \"error message displays\" or (2) \"in source HTML on certain pages.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cumin: multiple XSS flaws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-2683"
},
{
"category": "external",
"summary": "RHBZ#830243",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=830243"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-2683",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-2683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2683"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cumin: multiple XSS flaws"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-2684",
"discovery_date": "2012-05-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "830245"
}
],
"notes": [
{
"category": "description",
"text": "Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cumin: SQL injection flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-2684"
},
{
"category": "external",
"summary": "RHBZ#830245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=830245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-2684",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-2684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2684"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cumin: SQL injection flaw"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-2685",
"discovery_date": "2012-05-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "830248"
}
],
"notes": [
{
"category": "description",
"text": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cumin: DoS via large image requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-2685"
},
{
"category": "external",
"summary": "RHBZ#830248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=830248"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-2685",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-2685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2685"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cumin: DoS via large image requests"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-2734",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2012-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "832124"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cumin: CSRF flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-2734"
},
{
"category": "external",
"summary": "RHBZ#832124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=832124"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-2734",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-2734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2734"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cumin: CSRF flaw"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-2735",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2012-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "832151"
}
],
"notes": [
{
"category": "description",
"text": "Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cumin: session fixation flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-2735"
},
{
"category": "external",
"summary": "RHBZ#832151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=832151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-2735",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-2735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2735"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cumin: session fixation flaw"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-3459",
"discovery_date": "2012-07-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "846501"
}
],
"notes": [
{
"category": "description",
"text": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cumin: allows for editing internal Condor job attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3459"
},
{
"category": "external",
"summary": "RHBZ#846501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=846501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3459",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3459"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cumin: allows for editing internal Condor job attributes"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-3491",
"discovery_date": "2012-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "848214"
}
],
"notes": [
{
"category": "description",
"text": "src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "condor: local users can abort any idle jobs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3491"
},
{
"category": "external",
"summary": "RHBZ#848214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3491",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3491"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3491",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3491"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 1.7,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "condor: local users can abort any idle jobs"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-3492",
"discovery_date": "2012-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "848218"
}
],
"notes": [
{
"category": "description",
"text": "The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user\u0027s authentication directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3492"
},
{
"category": "external",
"summary": "RHBZ#848218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3492",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3492"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-3493",
"discovery_date": "2012-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "848222"
}
],
"notes": [
{
"category": "description",
"text": "The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "condor: GIVE_REQUEST_AD leaks privileged ClaimId information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3493"
},
{
"category": "external",
"summary": "RHBZ#848222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848222"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3493",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3493"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3493",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3493"
}
],
"release_date": "2012-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-09-19T17:33:00+00:00",
"details": "All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised\nto upgrade to these updated packages, which resolve the issues and add the\nenhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor\nand Cumin must be restarted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1278"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Grid-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Grid-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Grid-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Grid-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-aviary-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-classads-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-debuginfo-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-kbdd-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-qmf-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.i386",
"5Server-MRG-Grid-Execute-Node-2:condor-vm-gahp-0:7.6.5-0.22.el5.x86_64",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-0:4.1.3-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-base-db-0:1.23-1.el5.src",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-client-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:condor-wallaby-tools-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:python-wallabyclient-0:4.1.3-1.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Grid-Execute-Node-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Grid-Execute-Node-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.noarch",
"5Server-MRG-Management-2:cumin-0:0.1.5444-3.el5.src",
"5Server-MRG-Management-2:python-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:ruby-wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Management-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Management-2:sesame-debuginfo-0:1.0-4.el5.x86_64",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.noarch",
"5Server-MRG-Management-2:wallaby-0:0.12.5-10.el5.src",
"5Server-MRG-Management-2:wallaby-utils-0:0.12.5-10.el5.noarch",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.src",
"5Server-MRG-Messaging-2:sesame-0:1.0-4.el5.x86_64",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.i386",
"5Server-MRG-Messaging-2:sesame-debuginfo-0:1.0-4.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "condor: GIVE_REQUEST_AD leaks privileged ClaimId information"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.