CVE-2008-3830
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
26.7%
Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.
Affected configurations
References
secunia.com/advisories/32189
secunia.com/advisories/32193
secunia.com/advisories/32232
www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000
www.redhat.com/support/errata/RHSA-2008-0911.html
www.redhat.com/support/errata/RHSA-2008-0924.html
www.securityfocus.com/bid/31621
www.securitytracker.com/id?1021002
www.vupen.com/english/advisories/2008/2760
www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
26.7%