ID: RHSA-2013:1171
Type: redhat
Reporter: RedHat
Modified: 2016-04-04T18:34:04

Description

HTCondor is a specialized workload management system for compute-intensive
jobs. It provides a job queuing mechanism, scheduling policy, priority
scheme, and resource monitoring and management.

A denial of service flaw was found in the way HTCondor's policy definition
evaluator processed certain policy definitions. If an administrator used an
attribute defined on a job in a CONTINUE, KILL, PREEMPT, or SUSPEND
condor_startd policy, a remote HTCondor service user could use this flaw to
cause condor_startd to exit by submitting a job that caused such a policy
definition to be evaluated to either the ERROR or UNDEFINED states.
(CVE-2013-4255)

Note: This issue did not affect the default HTCondor configuration.

This issue was found by Matthew Farrellee of Red Hat.

All Red Hat Enterprise MRG 2.3 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
HTCondor must be restarted for the update to take effect.