Vulnerability CVE-2012-3491
Published: 2012-09-28

Description:
src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Condor project -> Condor 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=848214
http://www.securityfocus.com/bid/55632
http://www.openwall.com/lists/oss-security/2012/09/20/9
http://secunia.com/advisories/50666
http://rhn.redhat.com/errata/RHSA-2012-1281.html
http://rhn.redhat.com/errata/RHSA-2012-1278.html
http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html
http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40
Copyright 2024, cxsecurity.com

 

Back to Top