8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
76.6%
HTCondor is a specialized workload management system for compute-intensive
jobs. It provides a job queuing mechanism, scheduling policy, priority
scheme, and resource monitoring and management.
The HTCondor scheduler can optionally notify a user of completed jobs by
sending an email. Due to the way the daemon sent the email message,
authenticated users able to submit jobs could execute arbitrary code with
the privileges of the condor user. (CVE-2014-8126)
This issue was discovered by Florian Weimer of Red Hat Product Security.
All Red Hat Enterprise MRG 2.5 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
HTCondor must be restarted for the update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | condor-cluster-resource-agent | <Â 7.8.10-0.2.el6 | condor-cluster-resource-agent-7.8.10-0.2.el6.x86_64.rpm |
RedHat | 6 | x86_64 | condor-vm-gahp | <Â 7.8.10-0.2.el6 | condor-vm-gahp-7.8.10-0.2.el6.x86_64.rpm |
RedHat | 6 | x86_64 | condor-classads | <Â 7.8.10-0.2.el6 | condor-classads-7.8.10-0.2.el6.x86_64.rpm |
RedHat | 6 | i686 | condor-classads | <Â 7.8.10-0.2.el6 | condor-classads-7.8.10-0.2.el6.i686.rpm |
RedHat | 6 | x86_64 | condor-debuginfo | <Â 7.8.10-0.2.el6 | condor-debuginfo-7.8.10-0.2.el6.x86_64.rpm |
RedHat | 6 | i686 | condor-plumage | <Â 7.8.10-0.2.el6 | condor-plumage-7.8.10-0.2.el6.i686.rpm |
RedHat | 6 | i686 | condor-aviary | <Â 7.8.10-0.2.el6 | condor-aviary-7.8.10-0.2.el6.i686.rpm |
RedHat | 6 | i686 | condor-qmf | <Â 7.8.10-0.2.el6 | condor-qmf-7.8.10-0.2.el6.i686.rpm |
RedHat | 6 | i686 | condor-debuginfo | <Â 7.8.10-0.2.el6 | condor-debuginfo-7.8.10-0.2.el6.i686.rpm |
RedHat | 6 | src | condor | <Â 7.8.10-0.2.el6 | condor-7.8.10-0.2.el6.src.rpm |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
76.6%