
Debian DSA-5144-1 : condor - security update

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5144 advisory.

- HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) (CVE-2019-18823)

- An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. (CVE-2022-26110)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
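Because the plugin relies on the version number alone, a host-side check of whether CLAIMTOBE is actually enabled helps prioritise the finding. The following is an added example, not part of the advisory or of HTCondor's own tooling: it scans configuration text for `SEC_<context>_AUTHENTICATION_METHODS` settings that list CLAIMTOBE. It assumes a simplified view of the configuration syntax (whole-line `#` comments, backslash continuations, last assignment wins; no macro expansion or includes), and the sample configuration is constructed.

```python
import re

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONFIG = """\
# SEC_CLIENT_AUTHENTICATION_METHODS = CLAIMTOBE
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, KERBEROS
SEC_READ_AUTHENTICATION_METHODS = FS, \\
    CLAIMTOBE
sec_write_authentication_methods = FS, CLAIMTOBE
SEC_WRITE_AUTHENTICATION_METHODS = FS PASSWORD
"""

# Knob names are matched case-insensitively by upper-casing them first.
KNOB = re.compile(r"^SEC_([A-Z_]+)_AUTHENTICATION_METHODS$")


def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and whole-line comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def effective_auth_methods(text):
    """Return {context: [methods]}, keeping the last assignment of each knob."""
    result = {}
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        match = KNOB.match(name.strip().upper())
        if sep and match:
            methods = [m.upper() for m in re.split(r"[,\s]+", value.strip()) if m]
            result[match.group(1)] = methods
    return result


def contexts_allowing_claimtobe(text):
    """List the authorization contexts whose method list includes CLAIMTOBE."""
    found = effective_auth_methods(text)
    return sorted(ctx for ctx, methods in found.items() if "CLAIMTOBE" in methods)


if __name__ == "__main__":
    print(contexts_allowing_claimtobe(SAMPLE_CONFIG))
```

The script does not resolve fallback from an unset context to the default setting; on a live host, `condor_config_val` reports the value a daemon actually uses.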
