CVE-2013-4255

Name of the Vulnerable Software and Affected Versions Condor versions 7.5.4 and earlier, 8.0.0

Description The policy definition evaluator does not properly handle attributes in certain policies that evaluate to an Unconfigured, Undefined, or Error state. This allows remote authenticated users to cause a denial of service via a crafted job, resulting in the condor startd exit.

Recommendations For Condor versions 7.5.4 and earlier, 8.0.0, consider disabling the policy definition evaluator for PREEMPT, SUSPEND, CONTINUE, WANT VACATE, or KILL policies until a patch is available. Restrict access to crafted jobs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.