cumin is vulnerable to user impersanation. Users able to authentication directories even when they have weak permissions in condor_io/condor_auth_fs.cpp
, allowing malicious users to impersonate users by renaming a user’s authentication directory.
condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1db67805
research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html
rhn.redhat.com/errata/RHSA-2012-1278.html
rhn.redhat.com/errata/RHSA-2012-1281.html
secunia.com/advisories/50666
www.openwall.com/lists/oss-security/2012/09/20/9
www.securityfocus.com/bid/55632
access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_5.html#RHSA-2012-1278
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=721110
bugzilla.redhat.com/show_bug.cgi?id=748507
bugzilla.redhat.com/show_bug.cgi?id=769573
bugzilla.redhat.com/show_bug.cgi?id=794660
bugzilla.redhat.com/show_bug.cgi?id=799838
bugzilla.redhat.com/show_bug.cgi?id=806071
bugzilla.redhat.com/show_bug.cgi?id=806079
bugzilla.redhat.com/show_bug.cgi?id=807738
bugzilla.redhat.com/show_bug.cgi?id=810519
bugzilla.redhat.com/show_bug.cgi?id=812126
bugzilla.redhat.com/show_bug.cgi?id=852321
bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492
rhn.redhat.com/errata/RHSA-2012-1278.html