CVE-2009-4133

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2009-1689.html
http://www.redhat.com/support/errata/RHSA-2009-1688.html
http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000	Vendor Advisory
http://securitytracker.com/id?1023378
https://bugzilla.redhat.com/show_bug.cgi?id=544371
http://www.securityfocus.com/bid/37443
http://secunia.com/advisories/37766	Vendor Advisory
http://secunia.com/advisories/37803	Vendor Advisory
http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html	Vendor Advisory
http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
https://exchange.xforce.ibmcloud.com/vulnerabilities/54984

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:condor_project:condor:7.2.4:::::::*
	cpe:2.3:a:condor_project:condor:7.2.3:::::::*
	cpe:2.3:a:condor_project:condor:7.1.0:::::::*
	cpe:2.3:a:condor_project:condor:7.0.6:::::::*
	cpe:2.3:a:condor_project:condor:6.8.5:::::::*
	cpe:2.3:a:condor_project:condor:6.8.6:::::::*
	cpe:2.3:a:condor_project:condor:7.0.1:::::::*
	cpe:2.3:a:condor_project:condor:7.0.3:::::::*
	cpe:2.3:a:condor_project:condor:7.2.2:::::::*
	cpe:2.3:a:condor_project:condor:7.2.1:::::::*
	cpe:2.3:a:condor_project:condor:6.5.4:::::::*
	cpe:2.3:a:condor_project:condor:7.1.4:::::::*
	cpe:2.3:a:condor_project:condor:6.8.1:::::::*
	cpe:2.3:a:condor_project:condor:7.1.3:::::::*
	cpe:2.3:a:condor_project:condor:6.8.4:::::::*
	cpe:2.3:a:condor_project:condor:7.1.1:::::::*
	cpe:2.3:a:condor_project:condor:7.0.0:::::::*
	cpe:2.3:a:condor_project:condor:7.3.2:::::::*
	cpe:2.3:a:condor_project:condor:7.2.0:::::::*
	cpe:2.3:a:condor_project:condor:7.3.0:::::::*
	cpe:2.3:a:condor_project:condor:6.8.9:::::::*
	cpe:2.3:a:condor_project:condor:6.8.0:::::::*
	cpe:2.3:a:condor_project:condor:6.8.7:::::::*
	cpe:2.3:a:condor_project:condor:6.8.3:::::::*
	cpe:2.3:a:condor_project:condor:7.0.5:::::::*
	cpe:2.3:a:condor_project:condor:7.0.2:::::::*
	cpe:2.3:a:condor_project:condor:7.4.0:::::::*
	cpe:2.3:a:condor_project:condor:7.3.1:::::::*
	cpe:2.3:a:condor_project:condor:7.1.2:::::::*
	cpe:2.3:a:condor_project:condor:6.8.8:::::::*
	cpe:2.3:a:condor_project:condor:7.0.4:::::::*
	cpe:2.3:a:condor_project:condor:6.8.2:::::::*

cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*

Information

Published : 2009-12-23 10:30

Updated : 2021-07-15 12:16

NVD link : CVE-2009-4133

Mitre link : CVE-2009-4133

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

redhat

enterprise_mrg

condor_project

condor

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html", "name": "RHSA-2009:1689", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html", "name": "RHSA-2009:1688", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000", "name": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1023378", "name": "1023378", "tags": [], "refsource": "SECTRACK"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=544371", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/37443", "name": "37443", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/37766", "name": "37766", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/37803", "name": "37803", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html", "name": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018", "name": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018", "tags": [], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984", "name": "condor-jobs-security-bypass(54984)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-4133", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2009-12-23T18:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-15T19:16Z"}

6.5 /10