CVE-2011-4930

Name of the Vulnerable Software and Affected Versions Condor versions 7.2.0 through 7.6.4 Condor versions 7.7.x

Description The issue allows local users to cause a denial of service, affecting the condor schedd daemon and potentially preventing job launches. It may also be possible for attackers to execute arbitrary code. This is achieved through format string specifiers in various vectors, including the reason for a hold for a job that uses an XML user log and the filename of a file to be transferred.

Recommendations For Condor versions 7.2.0 through 7.6.4, update to a version outside of this range to mitigate the risk. For Condor versions 7.7.x, ensure that any format string specifiers in job holds and file transfers are properly sanitized to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.