Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3491

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-3491
Last Modified 03 Oct 2012 12:00:00
Published 28 Sep 2012 01:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-3491

Summary

src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.

Vulnerable Systems

Application

  • Condor Project Condor 7.6.0

  • Condor Project Condor 7.6.1

  • Condor Project Condor 7.6.2

  • Condor Project Condor 7.6.3

  • Condor Project Condor 7.6.4

  • Condor Project Condor 7.6.5

  • Condor Project Condor 7.6.6

  • Condor Project Condor 7.6.7

  • Condor Project Condor 7.6.8

  • Condor Project Condor 7.6.9

  • Condor Project Condor 7.8.0

  • Condor Project Condor 7.8.1

  • Condor Project Condor 7.8.2

  • Condor Project Condor 7.8.3


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=848214

BID - 55632

MLIST - [oss-security] 20120920 Notification of upstream Condor security fixes

SECUNIA - 50666

REDHAT - RHSA-2012:1281

REDHAT - RHSA-2012:1278

CONFIRM - http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html

CONFIRM - http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html

CONFIRM - http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40


Last Updated: 27 May 2016 11:00:50