PT-2009-6307 · University Of Wisconsin–Madison · Condor
Matthew Farrellee · Published 2009-12-23 · Updated 2021-07-15 · CVE-2009-4133
CVSS v2.0: 6.5 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Condor versions 6.5.4 through 7.2.4
Condor version 7.3.x
Condor version 7.4.0
Description
The issue allows remote authenticated users to queue jobs as an arbitrary user and gain privileges by modifying an unspecified job attribute using a Condor command-line tool.
Recommendations
For Condor versions 6.5.4 through 7.2.4, consider restricting access to the command-line tool until a fix is available.
For Condor version 7.3.x, restrict the ability to modify job attributes to prevent privilege escalation.
For Condor version 7.4.0, limit the queueing of jobs to authorized users to mitigate the risk of exploitation.
Fix
Related identifiers
Affected products
Condor