Lucene search

[email protected]CVE-2013-4255

HistoryOct 11, 2013 - 10:55 p.m.

CVE-2013-4255

2013-10-1122:55:39

CWE-20

[email protected]

web.nvd.nist.gov

condor

cve-2013-4255

denial of service

policy definition evaluator

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.8%

JSON

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.

Affected configurations

NVD

Node

condor_projectcondorRange≤8.0.0

condor_projectcondorMatch7.5.4

Node

redhatenterprise_mrgMatch2.0

redhatenterprise_mrgMatch2.1

redhatenterprise_mrgMatch2.2

redhatenterprise_mrgMatch2.3

CPENameOperatorVersion
condor_project:condorcondor project condorle8.0.0
condor_project:condorcondor project condoreq7.5.4

CPE	Name	Operator	Version
condor_project:condor	condor project condor	le	8.0.0
condor_project:condor	condor project condor	eq	7.5.4

References

rhn.redhat.com/errata/RHSA-2013-1171.html

rhn.redhat.com/errata/RHSA-2013-1172.html

bugzilla.redhat.com/show_bug.cgi?id=919401

htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786

htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVE-2013-4255

redhat2 cvelist1 nessus2 ubuntucve1 nvd1 prion1 debiancve1