Condor is vulnerable to information disclosure. Remote attackers are able to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port
, which leaks the ClaimId
.
condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=d2f33972
research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html
rhn.redhat.com/errata/RHSA-2012-1278.html
rhn.redhat.com/errata/RHSA-2012-1281.html
secunia.com/advisories/50666
www.openwall.com/lists/oss-security/2012/09/20/9
www.securityfocus.com/bid/55632
access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_5.html#RHSA-2012-1278
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=721110
bugzilla.redhat.com/show_bug.cgi?id=748507
bugzilla.redhat.com/show_bug.cgi?id=769573
bugzilla.redhat.com/show_bug.cgi?id=794660
bugzilla.redhat.com/show_bug.cgi?id=799838
bugzilla.redhat.com/show_bug.cgi?id=806071
bugzilla.redhat.com/show_bug.cgi?id=806079
bugzilla.redhat.com/show_bug.cgi?id=807738
bugzilla.redhat.com/show_bug.cgi?id=810519
bugzilla.redhat.com/show_bug.cgi?id=812126
bugzilla.redhat.com/show_bug.cgi?id=848222
bugzilla.redhat.com/show_bug.cgi?id=852321
rhn.redhat.com/errata/RHSA-2012-1278.html