Condor Bugs Let Local Users Gain Elevated Privileges or Deny Service
|
SecurityTracker Alert ID: 1021002
|
SecurityTracker URL: http://securitytracker.com/id/1021002
|
CVE Reference:
CVE-2008-3826, CVE-2008-3828, CVE-2008-3829, CVE-2008-3830
|
Date: Oct 8 2008
|
Impact:
Denial of service via local system, Execution of arbitrary code via local system, User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 7.1 prior to 7.1.3
|
Description:
Several vulnerabilities were reported in Condor. A local user can obtain elevated privileges on the target system. A local user can cause denial of service conditions.
A local user can submit a job in a way that causes the job to run with a different user's privileges [CVE-2008-3826].
A local user with privileges to submit a job can trigger a stack overflow in the condor_schedd daemon [CVE-2008-3828].
A local user with privileges to submit a job can cause the condor_schedd daemon to crash [CVE-2008-3829].
If a configuration file contains an overlapping netmask in the allow or deny rules, the rule may be ignored [CVE-2008-3830].
|
Impact:
A local user can obtain condor_schedd daemon privileges on the target system.
A local user can run jobs with the privileges of another user.
A local user can cause the condor_schedd daemon to crash.
|
Solution:
The vendor has issued a fixed version (7.0.5, 7.1.3).
The vendor's advisory is available at:
http://www.cs.wisc.edu/condor/manual/v7.1/8_4Stable_Release.html#sec:New-7-0-5
|
Vendor URL: www.cs.wisc.edu/condor/
|
Cause:
Access control error, Boundary error, State error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|