CVE-2008-3828 – condor: buffer overflow in lookup_macro
https://notcve.org/view.php?id=CVE-2008-3828
Stack-based buffer overflow in the condor_schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. • http://secunia.com/advisories/32189 http://secunia.com/advisories/32193 http://secunia.com/advisories/32232 http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000 http://www.redhat.com/support/errata/RHSA-2008-0911.html http://www.redhat.com/support/errata/RHSA-2008-0924.html http://www.securityfocus.com/bid/31621 http://www.securitytracker.com/id?1021002 http://www.vupen.com/english/advisories/2008/2760 https://www.redhat.com/archives/f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3424 – condor: incorrect handling of wild cards in authorization lists
https://notcve.org/view.php?id=CVE-2008-3424
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions. • http://secunia.com/advisories/31284 http://secunia.com/advisories/31423 http://secunia.com/advisories/31459 http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4 http://www.redhat.com/support/errata/RHSA-2008-0814.html http://www.redhat.com/support/errata/RHSA-2008-0816.html http://www.securityfocus.com/bid/30440 http://www.securitytracker.com/id?1020646 https://exchange.xforce.ibmcloud.com/vulnerabilities/44063 https://www.redhat.com/archives • CWE-863: Incorrect Authorization