Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3424

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-3424
Last Modified 07 Oct 2008 02:34:16
Published 31 Jul 2008 06:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3424

Summary

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.

Vulnerable Systems

Application

  • Condor Project Condor 7.0.0

  • Condor Project Condor 7.0.1

  • Condor Project Condor 7.0.2

  • Condor Project Condor 7.0.3

  • Condor Project Condor 7.0.4


References

FEDORA - FEDORA-2008-7205

XF - condor-authpolicy-security-bypass(44063)

SECTRACK - 1020646

BID - 30440

REDHAT - RHSA-2008:0816

REDHAT - RHSA-2008:0814

CONFIRM - http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4

SECUNIA - 31459

SECUNIA - 31423

SECUNIA - 31284


Last Updated: 27 May 2016 10:48:12