Condor Host-based Access Controls Can Be Bypased By Remote Users
|
|
SecurityTracker Alert ID: 1027395 |
|
SecurityTracker URL: http://securitytracker.com/id/1027395
|
|
CVE Reference:
CVE-2012-3416
(Links to External Site)
|
Date: Aug 14 2012
|
Impact:
User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 7.8.2
|
Description:
A vulnerability was reported in Condor. A remote user can bypass host-based access controls.
On systems that use host-based authentication, a remote user with control over the reverse-DNS entry of an IP host can bypass the target site's host-based authentication and perform privileged actions (e.g., ALLOW_ADMINISTRATOR or ALLOW_WRITE privileged actions).
Ken Hahn and Dan Bradley reported this vulnerability.
|
Impact:
A remote user can bypass host-based access controls.
|
Solution:
The vendor has issued a fix (7.8.2).
|
Vendor URL: research.cs.wisc.edu/condor/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 14 Aug 2012 20:05:54 +0000
Subject: Condor
|
CVE-2012-3416
|
|
