CVSS: 4.0EPSS: 0%CPEs: 10EXPL: 0CVE-2009-5136
https://notcve.org/view.php?id=CVE-2009-5136
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. La política de definición evaluadora en Condor anterior a la versión 7.4.2 no maneja adecuadamente atributos en una política WANT_SUSPEND que da como resultado un estado UNDEFINIED, lo que permite a usuarios remotos autenticados provocar una denegación de servicio (condor_startd exit) a través de un trabajo manipulado. • http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html http://rhn.redhat.com/errata/RHSA-2010-0773.html https://bugzilla.redhat.com/show_bug.cgi?id=540545 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4255 – condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED
https://notcve.org/view.php?id=CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. La política de definición evaluadora en Condor 7.5.4, 8.0.0, y versiones anteriores no trata correctamente los atributos de una (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, o (5) KILL política que evalua un estado No Configurado, Indefinido o estado de error, lo que permite a los usuarios remotos autenticados causar una denegación de servicio (salida condor_startd) a través de un trabajo manipulad • http://rhn.redhat.com/errata/RHSA-2013-1171.html http://rhn.redhat.com/errata/RHSA-2013-1172.html https://bugzilla.redhat.com/show_bug.cgi?id=919401 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829 https://access.redhat.com/security/cve/CVE-2013-4255 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 39EXPL: 0CVE-2012-3416 – condor: host based authentication does not implement forward-confirmed reverse dns
https://notcve.org/view.php?id=CVE-2012-3416
Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname. Condor antes de v7.8.2 permite a atacantes remotos evitar la auntenticación basada en host y ejecutar acciones como ALLOW_ADMINISTRATOR o ALLOW_WRITE conectando desde un sistema con un hostname DNS inverso falsificado • http://osvdb.org/84766 http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html http://rhn.redhat.com/errata/RHSA-2012-1168.html http://rhn.redhat.com/errata/RHSA-2012-1169.html http://secunia.com/advisories/50246 http://secunia.com/advisories/50294 http://www.securityfocus.com/bid/55032 http://www.securitytracker.com/id?1027395 https://exchange.xforce.ibmcloud.com/vulnerabilities/77748 https://access.redhat.com/security/cve/CVE-2012-3416 https://b • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 33EXPL: 0CVE-2009-4133 – Condor: queue super user cannot drop privs
https://notcve.org/view.php?id=CVE-2009-4133
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute. Condor v6.5.4 hasta v7.2.4, v7.3.x, y v7.4.0, como el usado en MRG, Grid para MRG, y Grid Execute Node para MRG, permite a usuarios autenticados remotamente encolar tareas como un usuario de su elección, y de ese modo obtener privilegios, usando una herramienta de línea de commandos Condor para modificar un atributo de tarea no especificado. • http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018 http://secunia.com/advisories/37766 http://secunia.com/advisories/37803 http://securitytracker.com/id?1023378 http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000 http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html http://www.redhat.com/support/errata/RHSA-2009-1688.html http://www.redhat.com/support/errata/RHSA-2009-1689.html http://www.securityfocus.com/bid& •
CVSS: 4.6EPSS: 0%CPEs: 15EXPL: 0CVE-2008-3826 – condor: users can run jobs with arbitrary owners
https://notcve.org/view.php?id=CVE-2008-3826
Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors. Vulnerabilidad no especificada en Condor anterior a v7.0.5, permite a los atacantes ejecutar trabajos como si fueran otros usuarios, a través de vectores desconocidos. • http://secunia.com/advisories/32189 http://secunia.com/advisories/32193 http://secunia.com/advisories/32232 http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000 http://www.redhat.com/support/errata/RHSA-2008-0911.html http://www.redhat.com/support/errata/RHSA-2008-0924.html http://www.securityfocus.com/bid/31621 http://www.securitytracker.com/id?1021002 http://www.vupen.com/english/advisories/2008/2760 https://www.redhat.com/archives/f • CWE-264: Permissions, Privileges, and Access Controls •