CVE-2011-4930
First published: Fri Dec 02 2011(Updated: )
Multiple format string flaws were found in Condor: a) when the XML message log format was requested in Condor submit job by remote Condor user and that user attempted to write a specially-crafted message into user log file via condor_hold tool it could lead to condor_schedd daemon crash, or, potentially arbitrary code execution with the privileges of the 'condor' user [*]. Also this way an attacker could potentially prevent other Condor jobs from being scheduled and ever executed, b) request for file transfer by remote Condor user to transmit a file, with specially-crafted name, could lead to child process of condor_schedd daemon to crash (repeated process, where condor_schedd daemon would fork a child process to handle the request, the child to crash, while trying to handle it and condor_schedd daemon to fork another child since the particular Condor job still have not been completed successfully). Upstream bug report (mentioning only one attack vector): [1] <a href="https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660">https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660</a> General upstream patch (addressing among these flaws also couple of compiler warning problems): [2] <a href="http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=5e5571d1a431eb3c61977b6dd6ec90186ef79867">http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=5e5571d1a431eb3c61977b6dd6ec90186ef79867</a> -- [*] Arbitrary code execution was possible only on systems, where Condor daemons were not compiled with FORTIFY_SOURCE protection mechanism. On systems with this protection enabled, particular flaw would lead to Condor service crash only.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HTCondor | =7.6.1 | |
| HTCondor | =7.2.3 | |
| Fedora | =16 | |
| HTCondor | =7.5.4 | |
| HTCondor | =7.6.3 | |
| HTCondor | =7.6.0 | |
| HTCondor | =7.3.2 | |
| HTCondor | =7.2.1 | |
| HTCondor | =7.2.0 | |
| HTCondor | =7.4.1 | |
| HTCondor | =7.3.0 | |
| HTCondor | =7.4.2 | |
| HTCondor | =7.2.2 | |
| HTCondor | =7.6.4 | |
| HTCondor | =7.6.2 | |
| Fedora | =15 | |
| HTCondor | =7.2.5 | |
| HTCondor | =7.4.0 | |
| HTCondor | =7.3.1 | |
| HTCondor | =7.2.4 | |
| Red Hat Enterprise MRG | =1.3 | |
| Red Hat Enterprise MRG | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2012-0100.html
- https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264
- https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660
- http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html
- https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429
- http://rhn.redhat.com/errata/RHSA-2012-0099.html
- https://bugzilla.redhat.com/show_bug.cgi?id=759548
- https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867
- https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660
- http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=5e5571d1a431eb3c61977b6dd6ec90186ef79867
- https://access.redhat.com/security/cve/CVE-2011-4930
- http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0001.html
- https://rhn.redhat.com/errata/RHSA-2012-0100.html
- https://rhn.redhat.com/errata/RHSA-2012-0099.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=787804
Frequently Asked Questions
What is the severity of CVE-2011-4930?
CVE-2011-4930 is classified as having a moderate severity level due to potential crashes of the condor_schedd daemon.
How do I fix CVE-2011-4930?
To fix CVE-2011-4930, upgrade Condor to version 7.6.0 or later, as the vulnerability has been addressed in these releases.
What versions of Condor are affected by CVE-2011-4930?
CVE-2011-4930 affects Condor versions 7.2.0 through 7.5.4.
What type of vulnerability is CVE-2011-4930?
CVE-2011-4930 is a format string vulnerability that could lead to crashes of the Condor scheduling daemon.
Who is impacted by CVE-2011-4930?
Users of the affected Condor versions, especially those executing jobs via the condor_hold tool, are impacted by CVE-2011-4930.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-4930
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/condor project
- canonical/htcondor
- version/htcondor/7.6.1
- version/htcondor/7.2.3
- vendor/fedoraproject
- canonical/fedora
- version/fedora/16
- version/htcondor/7.5.4
- version/htcondor/7.6.3
- version/htcondor/7.6.0
- version/htcondor/7.3.2
- version/htcondor/7.2.1
- version/htcondor/7.2.0
- version/htcondor/7.4.1
- version/htcondor/7.3.0
- version/htcondor/7.4.2
- version/htcondor/7.2.2
- version/htcondor/7.6.4
- version/htcondor/7.6.2
- version/fedora/15
- version/htcondor/7.2.5
- version/htcondor/7.4.0
- version/htcondor/7.3.1
- version/htcondor/7.2.4
- vendor/redhat
- canonical/red hat enterprise mrg
- version/red hat enterprise mrg/1.3
- version/red hat enterprise mrg/2.0