This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Condor Project First view 2008-07-31
Product Condor Last view 2013-10-11
Version 6.8.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:condor_project:condor

Activity : Overall

Related : CVE

  Date Alert Description
3.5 2013-10-11 CVE-2013-4255

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.

4 2013-10-11 CVE-2009-5136

The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.

10 2012-08-25 CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.

6.5 2009-12-23 CVE-2009-4133

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.

7.2 2008-10-08 CVE-2008-3830

Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.

5 2008-10-08 CVE-2008-3829

Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors.

4.6 2008-10-08 CVE-2008-3828

Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

4.6 2008-10-08 CVE-2008-3826

Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors.

7.5 2008-07-31 CVE-2008-3424

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.

CWE : Common Weakness Enumeration

%idName
42% (3) CWE-264 Permissions, Privileges, and Access Controls
28% (2) CWE-20 Improper Input Validation
14% (1) CWE-287 Improper Authentication
14% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-13 Subverting Environment Variable Values
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-51 Poison Web Service Registry
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-76 Manipulating Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-87 Forceful Browsing
CAPEC-104 Cross Zone Scripting

Open Source Vulnerability Database (OSVDB)

id Description
61246 Condor Job Management Restriction Bypass Arbitrary Command Execution
48983 Condor Allow/Deny Rules Overlapping Netmasks Access Restriction Bypass
48981 Condor condor_ schedd Daemon Unspecified DoS
48978 Condor condor_ schedd Daemon Unspecified Overflow
48977 Condor Unspecified Cross-user Job Execution
47215 Condor Authorization Policy Wildcard Character Handling Security Bypass

OpenVAS Exploits

id Description
2012-09-04 Name : Fedora Update for condor FEDORA-2012-12127
File : nvt/gb_fedora_2012_12127_condor_fc17.nasl
2010-01-15 Name : Fedora Update for condor FEDORA-2010-0213
File : nvt/gb_fedora_2010_0213_condor_fc12.nasl
2010-01-15 Name : Fedora Update for condor FEDORA-2010-0227
File : nvt/gb_fedora_2010_0227_condor_fc11.nasl
2009-12-30 Name : RedHat Security Advisory RHSA-2009:1688
File : nvt/RHSA_2009_1688.nasl
2009-12-30 Name : RedHat Security Advisory RHSA-2009:1689
File : nvt/RHSA_2009_1689.nasl
2009-02-17 Name : Fedora Update for condor FEDORA-2008-7205
File : nvt/gb_fedora_2008_7205_condor_fc9.nasl
2009-02-17 Name : Fedora Update for condor FEDORA-2008-8733
File : nvt/gb_fedora_2008_8733_condor_fc9.nasl

Nessus® Vulnerability Scanner

id Description
2014-07-22 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1168.nasl - Type: ACT_GATHER_INFO
2014-07-22 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1169.nasl - Type: ACT_GATHER_INFO
2014-07-22 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1171.nasl - Type: ACT_GATHER_INFO
2014-07-22 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1172.nasl - Type: ACT_GATHER_INFO
2012-09-04 Name: The remote Fedora host is missing a security update.
File: fedora_2012-12127.nasl - Type: ACT_GATHER_INFO
2010-02-25 Name: The remote Fedora host is missing a security update.
File: fedora_2010-0213.nasl - Type: ACT_GATHER_INFO
2010-02-25 Name: The remote Fedora host is missing a security update.
File: fedora_2010-0227.nasl - Type: ACT_GATHER_INFO
2008-10-10 Name: The remote Fedora host is missing a security update.
File: fedora_2008-8733.nasl - Type: ACT_GATHER_INFO
2008-08-14 Name: The remote Fedora host is missing a security update.
File: fedora_2008-7205.nasl - Type: ACT_GATHER_INFO