PT-2009-6307 · University Of Wisconsin–Madison · Condor

Matthew Farrellee · Published 2009-12-23 · Updated 2021-07-15 · CVE-2009-4133

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Condor versions 6.5.4 through 7.2.4
Condor version 7.3.x
Condor version 7.4.0

Description

The issue allows remote authenticated users to queue jobs as an arbitrary user and gain privileges by modifying an unspecified job attribute using a Condor command-line tool.

Recommendations

For Condor versions 6.5.4 through 7.2.4, consider restricting access to the command-line tool until a fix is available. For Condor version 7.3.x, restrict the ability to modify job attributes to prevent privilege escalation. For Condor version 7.4.0, limit the queueing of jobs to authorized users to mitigate the risk of exploitation.

Fix


Related Identifiers

CVE-2009-4133
RHSA-2009:1688
RHSA-2009:1689

Affected Products

Condor