CVE-2011-4930
First published: Fri Dec 02 2011(Updated: )
Multiple format string flaws were found in Condor: a) when the XML message log format was requested in Condor submit job by remote Condor user and that user attempted to write a specially-crafted message into user log file via condor_hold tool it could lead to condor_schedd daemon crash, or, potentially arbitrary code execution with the privileges of the 'condor' user [*]. Also this way an attacker could potentially prevent other Condor jobs from being scheduled and ever executed, b) request for file transfer by remote Condor user to transmit a file, with specially-crafted name, could lead to child process of condor_schedd daemon to crash (repeated process, where condor_schedd daemon would fork a child process to handle the request, the child to crash, while trying to handle it and condor_schedd daemon to fork another child since the particular Condor job still have not been completed successfully). Upstream bug report (mentioning only one attack vector): [1] <a href="https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660">https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660</a> General upstream patch (addressing among these flaws also couple of compiler warning problems): [2] <a href="http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=5e5571d1a431eb3c61977b6dd6ec90186ef79867">http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=5e5571d1a431eb3c61977b6dd6ec90186ef79867</a> -- [*] Arbitrary code execution was possible only on systems, where Condor daemons were not compiled with FORTIFY_SOURCE protection mechanism. On systems with this protection enabled, particular flaw would lead to Condor service crash only.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Condor Project Condor | =7.6.1 | |
| Condor Project Condor | =7.2.3 | |
| Fedoraproject Fedora | =16 | |
| Condor Project Condor | =7.5.4 | |
| Condor Project Condor | =7.6.3 | |
| Condor Project Condor | =7.6.0 | |
| Condor Project Condor | =7.3.2 | |
| Condor Project Condor | =7.2.1 | |
| Condor Project Condor | =7.2.0 | |
| Condor Project Condor | =7.4.1 | |
| Condor Project Condor | =7.3.0 | |
| Condor Project Condor | =7.4.2 | |
| Condor Project Condor | =7.2.2 | |
| Condor Project Condor | =7.6.4 | |
| Condor Project Condor | =7.6.2 | |
| Fedoraproject Fedora | =15 | |
| Condor Project Condor | =7.2.5 | |
| Condor Project Condor | =7.4.0 | |
| Condor Project Condor | =7.3.1 | |
| Condor Project Condor | =7.2.4 | |
| Redhat Enterprise Mrg | =1.3 | |
| Redhat Enterprise Mrg | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2012-0100.html
- https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264
- https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660
- http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html
- https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429
- http://rhn.redhat.com/errata/RHSA-2012-0099.html
- https://bugzilla.redhat.com/show_bug.cgi?id=759548
- https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867
- https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660
- http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=5e5571d1a431eb3c61977b6dd6ec90186ef79867
- https://access.redhat.com/security/cve/CVE-2011-4930
- http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0001.html
- https://rhn.redhat.com/errata/RHSA-2012-0100.html
- https://rhn.redhat.com/errata/RHSA-2012-0099.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=787804
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-4930
- vendor/condor project
- canonical/condor project condor
- version/condor project condor/7.6.1
- version/condor project condor/7.2.3
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/16
- version/condor project condor/7.5.4
- version/condor project condor/7.6.3
- version/condor project condor/7.6.0
- version/condor project condor/7.3.2
- version/condor project condor/7.2.1
- version/condor project condor/7.2.0
- version/condor project condor/7.4.1
- version/condor project condor/7.3.0
- version/condor project condor/7.4.2
- version/condor project condor/7.2.2
- version/condor project condor/7.6.4
- version/condor project condor/7.6.2
- version/fedoraproject fedora/15
- version/condor project condor/7.2.5
- version/condor project condor/7.4.0
- version/condor project condor/7.3.1
- version/condor project condor/7.2.4
- vendor/redhat
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/1.3
- version/redhat enterprise mrg/2.0