Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3416

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-3416
Last Modified 03 Oct 2012 12:00:00
Published 25 Aug 2012 06:29:50
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3416

Summary

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.

Vulnerable Systems

Application

  • Condor Project Condor 6.5.4

  • Condor Project Condor 6.8.0

  • Condor Project Condor 6.8.1

  • Condor Project Condor 6.8.2

  • Condor Project Condor 6.8.3

  • Condor Project Condor 6.8.4

  • Condor Project Condor 6.8.5

  • Condor Project Condor 6.8.6

  • Condor Project Condor 6.8.7

  • Condor Project Condor 6.8.8

  • Condor Project Condor 6.8.9

  • Condor Project Condor 7.0.0

  • Condor Project Condor 7.0.1

  • Condor Project Condor 7.0.2

  • Condor Project Condor 7.0.3

  • Condor Project Condor 7.0.4

  • Condor Project Condor 7.0.5

  • Condor Project Condor 7.0.6

  • Condor Project Condor 7.00

  • Condor Project Condor 7.01

  • Condor Project Condor 7.02

  • Condor Project Condor 7.03

  • Condor Project Condor 7.1.0

  • Condor Project Condor 7.1.1

  • Condor Project Condor 7.1.2

  • Condor Project Condor 7.1.3

  • Condor Project Condor 7.1.4

  • Condor Project Condor 7.2.0

  • Condor Project Condor 7.2.1

  • Condor Project Condor 7.2.2

  • Condor Project Condor 7.2.3

  • Condor Project Condor 7.2.4

  • Condor Project Condor 7.3.0

  • Condor Project Condor 7.3.1

  • Condor Project Condor 7.3.2

  • Condor Project Condor 7.4.0

  • Condor Project Condor 7.4.1

  • Condor Project Condor 7.8.0

  • Condor Project Condor 7.8.1


References

XF - condor-reverse-dns-security-bypass(77748)

SECTRACK - 1027395

BID - 55032

SECUNIA - 50294

SECUNIA - 50246

REDHAT - RHSA-2012:1169

REDHAT - RHSA-2012:1168

CONFIRM - http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html

OSVDB - 84766


Last Updated: 27 May 2016 11:00:34