CVE-2011-4930
Condor: Multiple format string flaws
Severity Score
4.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
Múltiples vulnerabilidades de cadena de formato en Condor 7.2.0 hasta 7.6.4 y posiblemente ciertas versiones 7.7.x, como las utilizadas en Red Hat MRG Grid y posiblemente otros productos, permiten a usuarios locales causar una denegación de servicio (demonio condor_schedd y fallo en el lanzamiento de trabajos) y posiblemente ejecutar código arbitrario a través de una cadena de especificadores de formato en (1) la razón de un retraso en un trabajo que utiliza un registro de usuario XML, (2) el nombre de un archivo pendiente de transferir y posiblemente otros vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-12-23 CVE Reserved
- 2012-02-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-134: Use of Externally-Controlled Format String
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867 | X_refsource_misc | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264 | X_refsource_misc | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429 | X_refsource_confirm | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2012-0099.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2012-0100.html | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=759548 | 2012-02-06 | |
| https://access.redhat.com/security/cve/CVE-2011-4930 | 2012-02-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.2.0 Search vendor "Condor Project" for product "Condor" and version "7.2.0" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.2.1 Search vendor "Condor Project" for product "Condor" and version "7.2.1" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.2.2 Search vendor "Condor Project" for product "Condor" and version "7.2.2" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.2.3 Search vendor "Condor Project" for product "Condor" and version "7.2.3" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.2.4 Search vendor "Condor Project" for product "Condor" and version "7.2.4" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.2.5 Search vendor "Condor Project" for product "Condor" and version "7.2.5" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.3.0 Search vendor "Condor Project" for product "Condor" and version "7.3.0" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.3.1 Search vendor "Condor Project" for product "Condor" and version "7.3.1" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.3.2 Search vendor "Condor Project" for product "Condor" and version "7.3.2" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.4.0 Search vendor "Condor Project" for product "Condor" and version "7.4.0" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.4.1 Search vendor "Condor Project" for product "Condor" and version "7.4.1" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.4.2 Search vendor "Condor Project" for product "Condor" and version "7.4.2" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.5.4 Search vendor "Condor Project" for product "Condor" and version "7.5.4" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.6.0 Search vendor "Condor Project" for product "Condor" and version "7.6.0" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.6.1 Search vendor "Condor Project" for product "Condor" and version "7.6.1" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.6.2 Search vendor "Condor Project" for product "Condor" and version "7.6.2" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.6.3 Search vendor "Condor Project" for product "Condor" and version "7.6.3" | - |
Affected
| ||||||
| Condor Project Search vendor "Condor Project" | Condor Search vendor "Condor Project" for product "Condor" | 7.6.4 Search vendor "Condor Project" for product "Condor" and version "7.6.4" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 15 Search vendor "Fedoraproject" for product "Fedora" and version "15" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 16 Search vendor "Fedoraproject" for product "Fedora" and version "16" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg" | 1.3 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg" | 2.0 Search vendor "Redhat" for product "Enterprise Mrg" and version "2.0" | - |
Affected
| ||||||