CVE-2014-8126: Input Validation
First published: Tue Dec 02 2014(Updated: )
The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user. Acknowledgements: This issue was discovered by Florian Weimer of Red Hat Product Security.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/condor | <8.2.6 | 8.2.6 |
| Wisc Htcondor | <8.2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2015-0035.html
- http://rhn.redhat.com/errata/RHSA-2015-0036.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1169800
- https://www-auth.cs.wisc.edu/lists/htcondor-users/2015-January/msg00034.shtml
- https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=4764
- https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=41878
- https://github.com/htcondor/htcondor/commit/e891cea9970496aac74caf72604475a2b7e6a0ca.patch
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=977841&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=977841&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1181291
- https://rhn.redhat.com/errata/RHSA-2015-0036.html
- https://rhn.redhat.com/errata/RHSA-2015-0035.html
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-8126
- agent/software-canonical-lookup
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/tags
- agent/event
- agent/trending
- vendor/wisc
- canonical/wisc htcondor
- package-manager/redhat