CVE-2013-4255

condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED

Severity Score

3.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.

La política de definición evaluadora en Condor 7.5.4, 8.0.0, y versiones anteriores no trata correctamente los atributos de una (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, o (5) KILL política que evalua un estado No Configurado, Indefinido o estado de error, lo que permite a los usuarios remotos autenticados causar una denegación de servicio (salida condor_startd) a través de un trabajo manipulad

*Credits: N/A

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-06-12 CVE Reserved
2013-08-21 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (6)

URL	Tag	Source
https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786	X_refsource_confirm
https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2013-1171.html	2021-07-15
http://rhn.redhat.com/errata/RHSA-2013-1172.html	2021-07-15
https://bugzilla.redhat.com/show_bug.cgi?id=919401	2013-08-21
https://access.redhat.com/security/cve/CVE-2013-4255	2013-08-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Condor Project Search vendor "Condor Project"		Condor Search vendor "Condor Project" for product "Condor"				<= 8.0.0 Search vendor "Condor Project" for product "Condor" and version " <= 8.0.0"		-		Affected
Condor Project Search vendor "Condor Project"		Condor Search vendor "Condor Project" for product "Condor"				7.5.4 Search vendor "Condor Project" for product "Condor" and version "7.5.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"				2.0 Search vendor "Redhat" for product "Enterprise Mrg" and version "2.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"				2.1 Search vendor "Redhat" for product "Enterprise Mrg" and version "2.1"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"				2.2 Search vendor "Redhat" for product "Enterprise Mrg" and version "2.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"				2.3 Search vendor "Redhat" for product "Enterprise Mrg" and version "2.3"		-		Affected