Lucene search

[email protected]CVE-2008-3424

HistoryJul 31, 2008 - 10:41 p.m.

CVE-2008-3424

2008-07-3122:41:00

CWE-863

[email protected]

web.nvd.nist.gov

cve-2008-3424

condor

security vulnerability

access restriction

authorization policy

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.0%

JSON

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.

Affected configurations

NVD

Node

condor_projectcondorRange<7.0.4

Node

fedoraprojectfedoraMatch9

CPENameOperatorVersion
condor_project:condorcondor project condorlt7.0.4

CPE	Name	Operator	Version
condor_project:condor	condor project condor	lt	7.0.4

References

secunia.com/advisories/31284

secunia.com/advisories/31423

secunia.com/advisories/31459

www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4

www.redhat.com/support/errata/RHSA-2008-0814.html

www.redhat.com/support/errata/RHSA-2008-0816.html

www.securityfocus.com/bid/30440

www.securitytracker.com/id?1020646

exchange.xforce.ibmcloud.com/vulnerabilities/44063

www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.0%

JSON

Related for CVE-2008-3424

openvas2 nessus1 debiancve1 cvelist1 fedora1 prion1 redhat1 nvd1