CVE-2009-4133
First published: Fri Dec 04 2009(Updated: )
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/condor 7.4.1 | <0.7.1 | 0.7.1 |
| redhat/condor | <0:7.4.1-0.7.1.el4 | 0:7.4.1-0.7.1.el4 |
| redhat/condor | <0:7.4.1-0.7.1.el5 | 0:7.4.1-0.7.1.el5 |
| wisc HTCondor | =6.5.4 | |
| wisc HTCondor | =6.8.0 | |
| wisc HTCondor | =6.8.1 | |
| wisc HTCondor | =6.8.2 | |
| wisc HTCondor | =6.8.3 | |
| wisc HTCondor | =6.8.4 | |
| wisc HTCondor | =6.8.5 | |
| wisc HTCondor | =6.8.6 | |
| wisc HTCondor | =6.8.7 | |
| wisc HTCondor | =6.8.8 | |
| wisc HTCondor | =6.8.9 | |
| wisc HTCondor | =7.0.0 | |
| wisc HTCondor | =7.0.1 | |
| wisc HTCondor | =7.0.2 | |
| wisc HTCondor | =7.0.3 | |
| wisc HTCondor | =7.0.4 | |
| wisc HTCondor | =7.0.5 | |
| wisc HTCondor | =7.0.6 | |
| wisc HTCondor | =7.1.0 | |
| wisc HTCondor | =7.1.1 | |
| wisc HTCondor | =7.1.2 | |
| wisc HTCondor | =7.1.3 | |
| wisc HTCondor | =7.1.4 | |
| wisc HTCondor | =7.2.0 | |
| wisc HTCondor | =7.2.1 | |
| wisc HTCondor | =7.2.2 | |
| wisc HTCondor | =7.2.3 | |
| wisc HTCondor | =7.2.4 | |
| wisc HTCondor | =7.3.0 | |
| wisc HTCondor | =7.3.1 | |
| wisc HTCondor | =7.3.2 | |
| wisc HTCondor | =7.4.0 | |
| redhat enterprise MRG | =1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2009-1689.html
- http://www.redhat.com/support/errata/RHSA-2009-1688.html
- http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000
- http://securitytracker.com/id?1023378
- https://bugzilla.redhat.com/show_bug.cgi?id=544371
- http://www.securityfocus.com/bid/37443
- http://secunia.com/advisories/37766
- http://secunia.com/advisories/37803
- http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html
- http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54984
- https://access.redhat.com/security/cve/CVE-2009-4133
- https://rhn.redhat.com/errata/RHSA-2009-1688.html
- https://rhn.redhat.com/errata/RHSA-2009-1689.html
- https://www.cve.org/CVERecord?id=CVE-2009-4133 https://nvd.nist.gov/vuln/detail/CVE-2009-4133
- https://access.redhat.com/errata/RHSA-2009:1688
- https://access.redhat.com/errata/RHSA-2009:1689
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4133.json
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-4133
- agent/software-canonical-lookup
- collector/redhat-cve
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/condor project
- canonical/wisc htcondor
- version/wisc htcondor/6.5.4
- version/wisc htcondor/6.8.0
- version/wisc htcondor/6.8.1
- version/wisc htcondor/6.8.2
- version/wisc htcondor/6.8.3
- version/wisc htcondor/6.8.4
- version/wisc htcondor/6.8.5
- version/wisc htcondor/6.8.6
- version/wisc htcondor/6.8.7
- version/wisc htcondor/6.8.8
- version/wisc htcondor/6.8.9
- version/wisc htcondor/7.0.0
- version/wisc htcondor/7.0.1
- version/wisc htcondor/7.0.2
- version/wisc htcondor/7.0.3
- version/wisc htcondor/7.0.4
- version/wisc htcondor/7.0.5
- version/wisc htcondor/7.0.6
- version/wisc htcondor/7.1.0
- version/wisc htcondor/7.1.1
- version/wisc htcondor/7.1.2
- version/wisc htcondor/7.1.3
- version/wisc htcondor/7.1.4
- version/wisc htcondor/7.2.0
- version/wisc htcondor/7.2.1
- version/wisc htcondor/7.2.2
- version/wisc htcondor/7.2.3
- version/wisc htcondor/7.2.4
- version/wisc htcondor/7.3.0
- version/wisc htcondor/7.3.1
- version/wisc htcondor/7.3.2
- version/wisc htcondor/7.4.0
- vendor/redhat
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/1.2