Vulnerability Details : CVE-2010-4179
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.
Exploit prediction scoring system (EPSS) score for CVE-2010-4179
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2010-4179
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2010-4179
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4179
- http://www.redhat.com/support/errata/RHSA-2010-0922.html
  Support (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=654856
  654856 – (CVE-2010-4179) CVE-2010-4179 schedd plugin: enable QUEUE_ALL_USERS_TRUSTED for Submit/Hold/Release/Remove ops
- http://www.vupen.com/english/advisories/2010/3091
  Webmail | OVH- OVH (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0921.html
  Support (Vendor Advisory)
- http://www.securitytracker.com/id?1024806
  Red Hat Enterprise MRG Messaging Lets Local Users Gain Elevated Privileges - SecurityTracker
Products affected by CVE-2010-4179
- cpe:2.3:o:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:*