7 results (0.002 seconds)

CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0

The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job. El componente Standard Universe Shadow (condor_shadow.std) en Condor 7.7.3 hasta 7.7.6, 7.8.0 anterior a 7.8.5 y 7.9.0 no comprueba debidamente los privilegios, lo que permite a atacantes remotos ganar privilegios a través de un Standard Universe Job manipulado. • http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html http://secunia.com/advisories/51862 http://www.securityfocus.com/bid/57328 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. La política de definición evaluadora en Condor 7.5.4, 8.0.0, y versiones anteriores no trata correctamente los atributos de una (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, o (5) KILL política que evalua un estado No Configurado, Indefinido o estado de error, lo que permite a los usuarios remotos autenticados causar una denegación de servicio (salida condor_startd) a través de un trabajo manipulad • http://rhn.redhat.com/errata/RHSA-2013-1171.html http://rhn.redhat.com/errata/RHSA-2013-1172.html https://bugzilla.redhat.com/show_bug.cgi?id=919401 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829 https://access.redhat.com/security/cve/CVE-2013-4255 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0

Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls." Múltiples vulnerabilidades no especificadas en Condor v7.6.x antes de v7.6.10 y v7.8.x antes de v7.8.4 tienen vectores de ataque desconocidos y un impacto relacionado con "la comprobación de errores de llamadas al sistema." • http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/78974 •

CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0

Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors. Múltiples desbordamientos de búfer en Condor v7.6.x antes de v7.6.10 y v7.8.x antes de v7.8.4 tienen un impacto y vectores de ataque desconocidos. • http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/78975 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0

src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors. src/condor_schedd.V6/schedd.cpp en Condor v7.6.x antes de v7.6.10 y v7.8.x antes de v7.8.4 no comprueba correctamente los permisos de los trabajos (jobs), lo que permite a usuarios remotos autenticados, eliminar los trabajos (jobs) de su elección a través de vectores no especificados. • http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1fff5d40 http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50666 http://www.openwall.com/lists/oss-security/2012/09/20/9 http://www.securityfocus.com/bid/55632 https://bugzilla.r • CWE-264: Permissions, Privileges, and Access Controls •