Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2012:1168
HistoryAug 14, 2012 - 12:00 a.m.

(RHSA-2012:1168) Important: condor security update

2012-08-1400:00:00
access.redhat.com
12

0.018 Low

EPSS

Percentile

88.1%

JSON

Condor is a specialized workload management system for compute-intensive
jobs. It provides a job queuing mechanism, scheduling policy, priority
scheme, and resource monitoring and management.

Condor installations that rely solely upon host-based authentication were
vulnerable to an attacker who controls an IP, its reverse-DNS entry and has
knowledge of a target site’s security configuration. With this control and
knowledge, the attacker could bypass the target site’s host-based
authentication and be authorized to perform privileged actions (i.e.
actions requiring ALLOW_ADMINISTRATOR or ALLOW_WRITE). Condor deployments
using host-based authentication that contain no hostnames (IPs or IP globs
only) or use authentication stronger than host-based are not vulnerable.
(CVE-2012-3416)

Note: Condor will not run jobs as root; therefore, this flaw cannot lead to
a compromise of the root user account.

Red Hat would like to thank Ken Hahn and Dan Bradley for reporting this
issue.

All Red Hat Enterprise MRG 2.1 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Condor must be restarted for the update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat5i386condor< 7.6.5-0.14.2.el5condor-7.6.5-0.14.2.el5.i386.rpm
RedHat5x86_64condor-qmf< 7.6.5-0.14.2.el5condor-qmf-7.6.5-0.14.2.el5.x86_64.rpm
RedHat5i386condor-vm-gahp< 7.6.5-0.14.2.el5condor-vm-gahp-7.6.5-0.14.2.el5.i386.rpm
RedHat5x86_64condor-vm-gahp< 7.6.5-0.14.2.el5condor-vm-gahp-7.6.5-0.14.2.el5.x86_64.rpm
RedHat5srccondor< 7.6.5-0.14.2.el5condor-7.6.5-0.14.2.el5.src.rpm
RedHat5i386condor-qmf< 7.6.5-0.14.2.el5condor-qmf-7.6.5-0.14.2.el5.i386.rpm
RedHat5x86_64condor-aviary< 7.6.5-0.14.2.el5condor-aviary-7.6.5-0.14.2.el5.x86_64.rpm
RedHat5x86_64condor-kbdd< 7.6.5-0.14.2.el5condor-kbdd-7.6.5-0.14.2.el5.x86_64.rpm
RedHat5i386condor-aviary< 7.6.5-0.14.2.el5condor-aviary-7.6.5-0.14.2.el5.i386.rpm
RedHat5x86_64condor-classads< 7.6.5-0.14.2.el5condor-classads-7.6.5-0.14.2.el5.x86_64.rpm
Rows per page:
1-10 of 131

Related

prion 1
nvd 1
nessus 3
fedora 1
ubuntucve 1
cvelist 1
cve 1
openvas 2
redhat 1
debiancve 1
prion
prion
Design/Logic Flaw
2012-08-25 10:29:00
nvd
nvd
CVE-2012-3416
2012-08-25 10:29:50
nessus
nessus
RHEL 6 : condor (RHSA-2012:1169)
2014-07-22 00:00:00
Fedora 17 : condor-7.9.1-0.1.fc17.2 (2012-12127)
2012-09-04 00:00:00
RHEL 5 : condor (RHSA-2012:1168)
2014-07-22 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: condor-7.9.1-0.1.fc17.2
2012-08-31 21:22:13
ubuntucve
ubuntucve
CVE-2012-3416
2012-08-25 00:00:00
cvelist
cvelist
CVE-2012-3416
2012-08-25 10:00:00
cve
cve
CVE-2012-3416
2012-08-25 10:29:50
openvas
openvas
Fedora Update for condor FEDORA-2012-12127
2012-09-04 00:00:00
Fedora Update for condor FEDORA-2012-12127
2012-09-04 00:00:00
redhat
redhat
(RHSA-2012:1169) Important: condor security update
2012-08-14 00:00:00
debiancve
debiancve
CVE-2012-3416
2012-08-25 10:29:50

0.018 Low

EPSS

Percentile

88.1%

JSON
Related for RHSA-2012:1168
prion1nvd1nessus3fedora1ubuntucve1cvelist1cve1openvas2redhat1debiancve1