PT-2010-5338 · Red Hat · Condor+1
Vincent Danen · Published 2010-12-07 · Updated 2023-02-13
CVE-2010-4179
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Messaging, Realtime and Grid (MRG) version 1.3
Description
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) recommends a configuration that creates a trusted channel with insufficient access control. This allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.
Recommendations
For Red Hat Enterprise Messaging, Realtime and Grid (MRG) version 1.3, consider reconfiguring Condor to restrict the ability of local users to publish to a broker and run jobs as arbitrary users via Condor QMF plug-ins. As a temporary workaround, restrict access to the Condor QMF plug-ins to minimize the risk of exploitation.
Affected Products
Condor
Red Hat Enterprise Messaging