-------------------------------------------------------------------------
Debian LTS Advisory DLA-2984-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
April 19, 2022 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : condor
Version : 8.4.11~dfsg.1-1+deb9u2
CVE ID : CVE-2022-26110
Debian Bug : 1008634
Jaime Frey discovered a flaw in HTCondor, a distributed workload management
system: a user who authenticates to an HTCondor daemon via the CLAIMTOBE
method can then impersonate any entity when issuing additional commands to
that daemon. An attacker needs only READ-level authorization to a vulnerable
daemon that accepts the CLAIMTOBE authentication method, that is, the ability
to run tools like condor_q or condor_status. Many pools do not restrict who can
issue READ-level commands, and CLAIMTOBE is allowed for READ-level commands in
the default configuration. Thus, it is likely that an attacker could issue
such a command remotely from an untrusted network, unless prevented by a
firewall or other network-level access controls.
For Debian 9 stretch, this problem has been fixed in version
8.4.11~dfsg.1-1+deb9u2.
We recommend that you upgrade your condor packages.
For the detailed security status of condor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/condor
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
{"cve": [{"lastseen": "2022-09-03T05:28:30", "description": "An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-06T02:15:00", "type": "cve", "title": "CVE-2022-26110", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26110"], "modified": "2022-09-03T03:34:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2022-26110", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26110", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "osv": [{"lastseen": "2022-08-05T05:19:22", "description": "\nJaime Frey discovered a flaw in HTCondor, a distributed workload management\nsystem. 
An attacker need only have READ-level authorization to a vulnerable\ndaemon using the CLAIMTOBE authentication method. This means they are able to\nrun tools like condor\\_q or condor\\_status. Many pools do not restrict who can\nissue READ-level commands, and CLAIMTOBE is allowed for READ-level commands in\nthe default configuration. Thus, it is likely that an attacker could execute\nthis command remotely from an untrusted network, unless prevented by a firewall\nor other network-level access controls.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n8.4.11~dfsg.1-1+deb9u2.\n\n\nWe recommend that you upgrade your condor packages.\n\n\nFor the detailed security status of condor please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/condor>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-19T00:00:00", "type": "osv", "title": "condor - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26110"], "modified": "2022-08-05T05:19:21", "id": "OSV:DLA-2984-1", "href": "https://osv.dev/vulnerability/DLA-2984-1", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:07:36", "description": "\nSeveral flaws have been discovered in HTCondor, a distributed workload\nmanagement system, which allow users with only READ access to any daemon to use\na different authentication method than the administrator has specified. If the\nadministrator has configured the READ or WRITE methods to include CLAIMTOBE,\nthen it is possible to impersonate another user and submit or remove jobs.\n\n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 8.6.8~dfsg.1-2+deb10u1.\n\n\nWe recommend that you upgrade your condor packages.\n\n\nFor the detailed security status of condor please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/condor](https://security-tracker.debian.org/tracker/condor)\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-22T00:00:00", "type": "osv", "title": "condor - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18823", "CVE-2022-26110"], "modified": "2022-08-10T07:07:31", "id": "OSV:DSA-5144-1", "href": "https://osv.dev/vulnerability/DSA-5144-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-09-10T15:39:19", "description": "An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-06T02:15:00", "type": "debiancve", "title": "CVE-2022-26110", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26110"], "modified": "2022-04-06T02:15:00", "id": "DEBIANCVE:CVE-2022-26110", "href": "https://security-tracker.debian.org/tracker/CVE-2022-26110", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": 
"2023-01-27T13:21:46", "description": "An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before\n9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor\ndaemon via the CLAIMTOBE method, the user can then impersonate any entity\nwhen issuing additional commands to that daemon.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-06T00:00:00", "type": "ubuntucve", "title": "CVE-2022-26110", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26110"], "modified": "2022-04-06T00:00:00", "id": "UB:CVE-2022-26110", "href": "https://ubuntu.com/security/CVE-2022-26110", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-01-21T22:42:05", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5144-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nMay 22, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : condor\nCVE ID : CVE-2019-18823 CVE-2022-26110\nDebian Bug : 
963777 1008634\n\nSeveral flaws have been discovered in HTCondor, a distributed workload\nmanagement system, which allow users with only READ access to any daemon to use\na different authentication method than the administrator has specified. If the\nadministrator has configured the READ or WRITE methods to include CLAIMTOBE,\nthen it is possible to impersonate another user and submit or remove jobs.\n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 8.6.8~dfsg.1-2+deb10u1.\n\nWe recommend that you upgrade your condor packages.\n\nFor the detailed security status of condor please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/condor\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-22T20:22:48", "type": "debian", "title": "[SECURITY] [DSA 5144-1] condor security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18823", "CVE-2022-26110"], "modified": "2022-05-22T20:22:48", "id": "DEBIAN:DSA-5144-1:57927", "href": "https://lists.debian.org/debian-security-announce/2022/msg00112.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-10T19:23:33", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5144 advisory.\n\n - HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) (CVE-2019-18823)\n\n - An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. 
(CVE-2022-26110)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-23T00:00:00", "type": "nessus", "title": "Debian DSA-5144-1 : condor - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18823", "CVE-2022-26110"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:htcondor", "p-cpe:/a:debian:debian_linux:htcondor-dbg", "p-cpe:/a:debian:debian_linux:htcondor-dev", "p-cpe:/a:debian:debian_linux:htcondor-doc", "p-cpe:/a:debian:debian_linux:libclassad-dev", "p-cpe:/a:debian:debian_linux:libclassad8", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-5144.NASL", "href": "https://www.tenable.com/plugins/nessus/161436", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5144. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161436);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-18823\", \"CVE-2022-26110\");\n\n script_name(english:\"Debian DSA-5144-1 : condor - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5144 advisory.\n\n - HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access\n Control. It is possible to use a different authentication method to submit a job than the administrator\n has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it\n is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)\n (CVE-2019-18823)\n\n - An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When\n a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any\n entity when issuing additional commands to that daemon. 
(CVE-2022-26110)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/condor\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-18823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/condor\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the condor packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18823\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:htcondor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:htcondor-dbg\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:htcondor-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:htcondor-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libclassad-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libclassad8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! 
preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'htcondor', 'reference': '8.6.8~dfsg.1-2+deb10u1'},\n {'release': '10.0', 'prefix': 'htcondor-dbg', 'reference': '8.6.8~dfsg.1-2+deb10u1'},\n {'release': '10.0', 'prefix': 'htcondor-dev', 'reference': '8.6.8~dfsg.1-2+deb10u1'},\n {'release': '10.0', 'prefix': 'htcondor-doc', 'reference': '8.6.8~dfsg.1-2+deb10u1'},\n {'release': '10.0', 'prefix': 'libclassad-dev', 'reference': '8.6.8~dfsg.1-2+deb10u1'},\n {'release': '10.0', 'prefix': 'libclassad8', 'reference': '8.6.8~dfsg.1-2+deb10u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'htcondor / htcondor-dbg / htcondor-dev / htcondor-doc / libclassad-dev / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}