CVE-2012-3491 : src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permiss

src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.

Published 2012-09-28 17:55:01

Updated 2012-10-03 04:00:00

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-3491

Probability of exploitation activity in the next 30 days: 0.58%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-3491

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2012-3491

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3491

http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html

8.3 Stable Release Series 7.6

CVEs referencing this url
http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html

9.3 Stable Release Series 7.8

CVEs referencing this url
http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40

HTCondor Git - condor.git/commitdiff
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=848214

848214 – (CVE-2012-3491) CVE-2012-3491 condor: local users can abort any idle jobs
http://rhn.redhat.com/errata/RHSA-2012-1281.html

RHSA-2012:1281 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/55632

Condor Multiple Security Bypass Vulnerabilities

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2012-1278.html

RHSA-2012:1278 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/09/20/9

oss-security - Notification of upstream Condor security fixes

CVEs referencing this url

Products affected by CVE-2012-3491

Condor Project » Condor » Version: 7.6.0
cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.6.1
cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.6.2
cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.6.3
cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.6.4
cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.8.0
cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.8.1
cpe:2.3:a:condor_project:condor:7.8.1:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.6.6
cpe:2.3:a:condor_project:condor:7.6.6:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.6.5
cpe:2.3:a:condor_project:condor:7.6.5:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.8.3
cpe:2.3:a:condor_project:condor:7.8.3:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.6.8
cpe:2.3:a:condor_project:condor:7.6.8:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.8.2
cpe:2.3:a:condor_project:condor:7.8.2:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.6.9
cpe:2.3:a:condor_project:condor:7.6.9:*:*:*:*:*:*:*
Matching versions
Condor Project » Condor » Version: 7.6.7
cpe:2.3:a:condor_project:condor:7.6.7:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-3491

Exploit prediction scoring system (EPSS) score for CVE-2012-3491

CVSS scores for CVE-2012-3491

CWE ids for CVE-2012-3491

References for CVE-2012-3491

Products affected by CVE-2012-3491