ID CVE-2008-3830 Type cve Reporter cve@mitre.org Modified 2011-03-08T03:11:00
Description
Condor before 7.0.5 does not properly handle configurations that specify overlapping netmasks in allow or deny rules; the affected rule is ignored, which allows attackers to bypass intended access restrictions.
{"nessus": [{"lastseen": "2019-11-01T02:26:39", "bulletinFamily": "scanner", "description": "Security update, fixes security issues rebasing on 7.0.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2008-8733.NASL", "href": "https://www.tenable.com/plugins/nessus/34378", "published": "2008-10-10T00:00:00", "title": "Fedora 9 : condor-7.0.5-1.fc9 (2008-8733)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8733.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34378);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:28\");\n\n script_cve_id(\"CVE-2008-3826\", \"CVE-2008-3828\", \"CVE-2008-3829\", \"CVE-2008-3830\");\n script_xref(name:\"FEDORA\", value:\"2008-8733\");\n\n script_name(english:\"Fedora 9 : condor-7.0.5-1.fc9 (2008-8733)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security update, fixes security issues rebasing on 7.0.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=463987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=463990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=463995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=463997\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015204.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e9dd547\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected condor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:condor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"condor-7.0.5-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"condor\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:56:12", "bulletinFamily": "scanner", "description": "Check for the Version of condor", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860848", "id": "OPENVAS:860848", "title": "Fedora Update for condor FEDORA-2008-8733", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for condor FEDORA-2008-8733\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"condor on Fedora 9\";\ntag_insight = \"Condor is a specialized workload management system for\n compute-intensive jobs. Like other full-featured batch systems, Condor\n provides a job queueing mechanism, scheduling policy, priority scheme,\n resource monitoring, and resource management. Users submit their\n serial or parallel jobs to Condor, Condor places them into a queue,\n chooses when and where to run the jobs based upon a policy, carefully\n monitors their progress, and ultimately informs the user upon\n completion.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html\");\n script_id(860848);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8733\");\n script_cve_id(\"CVE-2008-3826\", \"CVE-2008-3828\", \"CVE-2008-3829\", \"CVE-2008-3830\");\n script_name( \"Fedora Update for condor FEDORA-2008-8733\");\n\n script_summary(\"Check for the Version of condor\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"condor\", rpm:\"condor~7.0.5~1.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:17", "bulletinFamily": "unix", "description": "Condor is a specialized workload management system for compute-intensive\njobs. It provides a job queuing mechanism, scheduling policy, priority\nscheme, and resource monitoring and management.\n\nA flaw was found in the way Condor processed user submitted jobs. It was\npossible for a user to submit a job in a way that could cause that job to\nrun as a different user with access to the pool. (CVE-2008-3826)\n\nA stack based buffer overflow flaw was found in Condor's condor_schedd\ndaemon. A user who had permissions to submit a job could do so in a manner\nthat could cause condor_schedd to crash or, potentially, execute arbitrary\ncode with the permissions of condor_schedd. (CVE-2008-3828)\n\nA denial-of-service flaw was found in Condor's condor_schedd daemon. 
A user\nwho had permissions to submit a job could do so in a manner that would\ncause condor_schedd to crash. (CVE-2008-3829)\n\nA flaw was found in the way Condor processes allowed and denied netmasks\nfor access control. If a configuration file contained an overlapping\nnetmask in the allow or deny rules, it could cause that rule to be ignored,\nallowing unintended access. (CVE-2008-3830)\n\n\nThis update also fixes the following bugs:\n\n* the \"amazon_gahp -m\" command sets the AMAZON_GAHP_WORKER_MAX_NUM\nconfiguration option, fixing the maximum number of processes contacting EC2\nat any given time. Previously, Condor did not honor this option, leaving\nthe maximum number of created threads unbounded. This has been corrected:\nvalues set with the \"-m\" argument are now properly understood.\n\n* the gridmanager constructed KeyPairs for all outstanding EC2 jobs before\nany jobs are started. When there were many (>10,000) EC2 jobs in the queue,\nsignificant delays occurred. With this update, KeyPairs are no longer \nconstructed up-front.\n\n* an error in condor_negotiator caused initialization code to re-run\nwhenever condor_reconfig was run. The flag which noted if the\ninitialization code should run was always set to \"true\". This error has\nbeen corrected: the initialization code now executes only at startup.\n\n\nAs well, this update adds the following enhancements:\n\n* this release introduces Concurrency Limits. These allow Condor to account\nfor resources not directly under its control, such as software licenses.\n\n* this update includes the latest stable upstream release of Condor:\nversion 7.0.5. Information on the features and fixes included with this\nrelease is in the Condor Release Notes, available via the link in the\nReferences section below.\n\n* base support for low-latency scheduling and transparent translation of\nEC2 jobs has also been added in this update. 
Note: implementation of these\ntwo features depends on separate packages which are yet to be released.\n\nAll Red Hat Enterprise MRG 1.0 users are advised to upgrade to these\nupdated packages which address these vulnerabilities, fix these bugs and\nadd these enhancements.", "modified": "2019-03-22T23:44:39", "published": "2008-10-07T04:00:00", "id": "RHSA-2008:0911", "href": "https://access.redhat.com/errata/RHSA-2008:0911", "type": "redhat", "title": "(RHSA-2008:0911) Moderate: condor security, bug fix and enhancement update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}