CVE-2012-3491
6.2 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
79.6%
src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.
References
condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1fff5d40
research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html
rhn.redhat.com/errata/RHSA-2012-1278.html
rhn.redhat.com/errata/RHSA-2012-1281.html
secunia.com/advisories/50666
www.openwall.com/lists/oss-security/2012/09/20/9
www.securityfocus.com/bid/55632
bugzilla.redhat.com/show_bug.cgi?id=848214
Related
6.2 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
79.6%