Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2012-3493
Last Modified 03 Oct 2012 12:00:00
Published 28 Sep 2012 01:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3493

Summary

The command_give_request_ad function in condor_startd.V6/command.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.

Vulnerable Systems

Application

  • Condor Project Condor 7.6.0

  • Condor Project Condor 7.6.1

  • Condor Project Condor 7.6.2

  • Condor Project Condor 7.6.3

  • Condor Project Condor 7.6.4

  • Condor Project Condor 7.6.5

  • Condor Project Condor 7.6.6

  • Condor Project Condor 7.6.7

  • Condor Project Condor 7.6.8

  • Condor Project Condor 7.6.9

  • Condor Project Condor 7.8.0

  • Condor Project Condor 7.8.1

  • Condor Project Condor 7.8.2

  • Condor Project Condor 7.8.3


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=848222

BID - 55632

MLIST - [oss-security] 20120920 Notification of upstream Condor security fixes

SECUNIA - 50666

REDHAT - RHSA-2012:1281

REDHAT - RHSA-2012:1278

CONFIRM - http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html

CONFIRM - http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html

CONFIRM - http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=d2f33972


Last Updated: 27 May 2016 11:00:50