CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2011-4930 – Condor: Multiple format string flaws
https://notcve.org/view.php?id=CVE-2011-4930
10 Feb 2014 — Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors. Múltiples vulnerabilidades de cade... • http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2009-5136
https://notcve.org/view.php?id=CVE-2009-5136
11 Oct 2013 — The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. La política de definición evaluadora en Condor anterior a la versión 7.4.2 no maneja adecuadamente atributos en una política WANT_SUSPEND que da como resultado un estado UNDEFINIED, lo que permite a usuarios remotos autenticados provocar una denegaci... • http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4255 – condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED
https://notcve.org/view.php?id=CVE-2013-4255
21 Aug 2013 — The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. La política de definición evaluadora en Condor 7.5.4, 8.0.0, y versiones anteriores no trata correctamente los atributos de una (1) PREEMPT, (2) SUSPEND, (3)... • http://rhn.redhat.com/errata/RHSA-2013-1171.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 39EXPL: 0CVE-2012-3416 – condor: host based authentication does not implement forward-confirmed reverse dns
https://notcve.org/view.php?id=CVE-2012-3416
25 Aug 2012 — Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname. Condor antes de v7.8.2 permite a atacantes remotos evitar la auntenticación basada en host y ejecutar acciones como ALLOW_ADMINISTRATOR o ALLOW_WRITE conectando desde un sistema con un hostname DNS inverso falsificado • http://osvdb.org/84766 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2009-4133 – Condor: queue super user cannot drop privs
https://notcve.org/view.php?id=CVE-2009-4133
23 Dec 2009 — Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute. Condor v6.5.4 hasta v7.2.4, v7.3.x, y v7.4.0, como el usado en MRG, Grid para MRG, y Grid Execute Node para MRG, permite a usuarios autenticados remotamente encolar tareas como un usuario de su elección, y de ese modo obtener priv... • http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018 •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2008-3829 – condor: denial of service attack on Schedd via corrupt logfile
https://notcve.org/view.php?id=CVE-2008-3829
08 Oct 2008 — Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors. Vulnerabilidad no especificada en el demonio (daemon) condor_ schedd de Condor anterior a v7.0.5, permite a los atacantes provocar una denegación de servicio (caída) a través de vectores desconocidos. • http://secunia.com/advisories/32189 •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2008-3830 – condor: allow or deny with overlapping netmasks may be ignored
https://notcve.org/view.php?id=CVE-2008-3830
08 Oct 2008 — Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions. Condor anterior a v7.0.5 no maneja adecuadamente cuando la configuración especifica un solapamiento de máscaras de red en las reglas de "alow" (permitir) o "deny" (denegar); esto provoca que se ignore la regla y permite a los atacantes evitar las restricciones de acceso pretendidas. • http://secunia.com/advisories/32189 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2008-3826 – condor: users can run jobs with arbitrary owners
https://notcve.org/view.php?id=CVE-2008-3826
08 Oct 2008 — Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors. Vulnerabilidad no especificada en Condor anterior a v7.0.5, permite a los atacantes ejecutar trabajos como si fueran otros usuarios, a través de vectores desconocidos. • http://secunia.com/advisories/32189 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2008-3828 – condor: buffer overflow in lookup_macro
https://notcve.org/view.php?id=CVE-2008-3828
08 Oct 2008 — Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. Desbordamiento de búfer basado en pila en el demonio (daemon) condor_schedd de Condor anterior a v7.0.5; permite a los atacantes provocar una denegación de servicio (caída) y puede que ejecutar código de su elección a través de vectores desconocidos. • http://secunia.com/advisories/32189 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 3%CPEs: 2EXPL: 0CVE-2008-3424 – condor: incorrect handling of wild cards in authorization lists
https://notcve.org/view.php?id=CVE-2008-3424
31 Jul 2008 — Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions. Condor versiones anteriores a la 7.0.4 no gestiona correctamente los caracteres especiales en las variables de configuración ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, o HOSTDENY_WRITE en los listas de políticas de autorización, lo cual podría permitir a los at... • http://secunia.com/advisories/31284 • CWE-863: Incorrect Authorization •