// For flags

CVE-2013-4255

condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.

La política de definición evaluadora en Condor 7.5.4, 8.0.0, y versiones anteriores no trata correctamente los atributos de una (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, o (5) KILL política que evalua un estado No Configurado, Indefinido o estado de error, lo que permite a los usuarios remotos autenticados causar una denegación de servicio (salida condor_startd) a través de un trabajo manipulad

HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A denial of service flaw was found in the way HTCondor's policy definition evaluator processed certain policy definitions. If an administrator used an attribute defined on a job in a CONTINUE, KILL, PREEMPT, or SUSPEND condor_startd policy, a remote HTCondor service user could use this flaw to cause condor_startd to exit by submitting a job that caused such a policy definition to be evaluated to either the ERROR or UNDEFINED states.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-06-12 CVE Reserved
  • 2013-08-21 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Condor Project
Search vendor "Condor Project"
 Condor
Search vendor "Condor Project" for product "Condor"
 <= 8.0.0
Search vendor "Condor Project" for product "Condor" and version " <= 8.0.0"
-
Affected
Condor Project
Search vendor "Condor Project"
 Condor
Search vendor "Condor Project" for product "Condor"
 7.5.4
Search vendor "Condor Project" for product "Condor" and version "7.5.4"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Mrg
Search vendor "Redhat" for product "Enterprise Mrg"
 2.0
Search vendor "Redhat" for product "Enterprise Mrg" and version "2.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Mrg
Search vendor "Redhat" for product "Enterprise Mrg"
 2.1
Search vendor "Redhat" for product "Enterprise Mrg" and version "2.1"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Mrg
Search vendor "Redhat" for product "Enterprise Mrg"
 2.2
Search vendor "Redhat" for product "Enterprise Mrg" and version "2.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Mrg
Search vendor "Redhat" for product "Enterprise Mrg"
 2.3
Search vendor "Redhat" for product "Enterprise Mrg" and version "2.3"
-
Affected