17 matches found
CVE-2008-3828
CVE-2008-3828: A stack-based buffer overflow in the condor_schedd daemon of Condor up to version before 7.0.5 can be triggered locally to crash the service and possibly allow arbitrary code execution via unknown vectors. Affected software/version: Condor prior to 7.0.5 (condor_schedd). Impact: de...
CVE-2012-4462
Summary (CVE-2012-4462) : The vulnerability affects Condor (HTCondor) components used with Red Hat Enterprise MRG Grid 2.3. Specifically, removing a job via aviary/jobcontrol.py when CPROC contains square brackets can crash the condor_schedd, leading to a denial of service. The issue is rooted in...
CVE-2008-3424
The CVE-2008-3424 vulnerability affects Condor up to version 7.0.4, arising from improper handling of wildcards in ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, and HOSTDENY_WRITE in authorization policy lists. This could allow authenticated remote users to bypass access restrictions and submit jobs,...
CVE-2011-4930
CVE-2011-4930 concerns multiple format string flaws in Condor 7.2.0–7.6.4 (and possibly 7.7.x), used with Red Hat MRG Grid. An authenticated Condor service user could leverage these flaws to crash the condor_schedd daemon, prevent job scheduling/execution, or potentially execute arbitrary code vi...
CVE-2013-4255
HTCondor vulnerability CVE-2013-4255 affects policy evaluation in Condor (7.5.4, 8.0.0 and earlier). If a job defines a policy attribute in CONTINUE, KILL, PREEMPT, SUSPEND, or related policies that evaluates to UNDEFINED/ERROR/Unconfigured, a remote authenticated user could cause condor_startd t...
CVE-2008-3826
CVE-2008-3826 affects the Condor workload management system prior to 7.0.5. The vulnerability allows attackers to run jobs as other users via unknown vectors. Public docs in the connected set identify the affected product/version and note this as an unspecified vulnerability, with Fedora/RH advis...
CVE-2008-3830
CVE-2008-3830 affects Condor up to 7.0.4-7.x; the issue arises when configuration specifies overlapping netmasks in allow/deny rules, causing a rule to be ignored and enabling bypass of access restrictions. Public sources (NVD) describe the vulnerability; Fedora 9 and Red Hat advisories reference...
CVE-2009-4133
CVE-2009-4133 affects Condor (versions 6.5.4–7.2.4, 7.3.x, and 7.4.0 as used in MRG/GRID environments). The issue allows remote authenticated users to queue jobs as an arbitrary user by using a Condor CLI tool to modify an unspecified job attribute, enabling privilege elevation (partial confident...
CVE-2012-3492
CVE-2012-3492 affects Condor 7.6.x (pre-7.6.10) and 7.8.x (pre-7.8.4). The issue stems from filesystem authentication using authentication directories even when permissions are weak, enabling an attacker to impersonate a user by renaming the user’s authentication directory. The connected document...
CVE-2012-3493
CVE-2012-3493 affects Condor 7.6.x (before 7.6.10) and 7.8.x (before 7.8.4). A remote ClassAd request to condor_startd can leak the ClaimId, enabling possible information disclosure and, potentially, control or start of arbitrary jobs. Remediation: upgrade to 7.6.10/7.8.4 or later (per descriptio...
CVE-2009-5136
CVE-2009-5136 affects Condor before 7.4.2. The policy definition evaluator does not correctly handle attributes in a WANT_SUSPEND policy that evaluate to UNDEFINED, allowing remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. The issue is documented acr...
CVE-2012-3416
CVE-2012-3416 affects Condor prior to 7.8.2. A remote attacker could bypass host-based authentication and perform privileged actions (e.g., ALLOW_ADMINISTRATOR, ALLOW_WRITE) by connecting from a system with a spoofed reverse DNS hostname. The issue is rated CVSSv2 base 10.0 (HIGH) with network ac...
CVE-2012-5390
The CVE-2012-5390 entry concerns the Condor project: the standard universe shadow component (condor_shadow.std) in Condor versions 7.7.3–7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does not properly check privileges, enabling remote attackers to gain elevated privileges via a crafted standard universe j...
CVE-2012-3491
CVE-2012-3491 affects Condor 7.6.x (before 7.6.10) and 7.8.x (before 7.8.4). The issue is an improper permissions check in src/condor_schedd.V6/schedd.cpp that could allow remote authenticated users to remove arbitrary idle jobs via unspecified vectors. The connected documents corroborate the vul...
CVE-2008-3829
CVE-2008-3829 affects the Condor project’s condor_schedd daemon in Condor, with versions prior to 7.0.5 . The vulnerability is described as an unspecified issue that allows an attacker to cause a denial of service (crash) via unknown vectors. Public references in the connected documents confirm t...
CVE-2012-5196
The CVE-2012-5196 entry concerns multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4. The connected documents provide versions and the described issue but do not include concrete impact specifics or attack vectors beyond stating they are unknown. No exploit details or m...
CVE-2012-5197
Concisely, CVE-2012-5197 affects Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 with multiple unspecified vulnerabilities related to error checking of system calls. The connected documents describe unknown impact and attack vectors; no explicit exploitation details or remediation are provided ...