CVE-2010-4179

The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securitytracker.com/id?1024806
http://www.vupen.com/english/advisories/2010/3091	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0922.html	Vendor Advisory
http://secunia.com/advisories/42406	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=654856
http://www.redhat.com/support/errata/RHSA-2010-0921.html	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:*

Information

Published : 2010-12-07 14:00

Updated : 2023-02-12 20:28

NVD link : CVE-2010-4179

Mitre link : CVE-2010-4179

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

redhat

enterprise_mrg

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securitytracker.com/id?1024806", "name": "1024806", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2010/3091", "name": "ADV-2010-3091", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0922.html", "name": "RHSA-2010:0922", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/42406", "name": "42406", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=654856", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=654856", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0921.html", "name": "RHSA-2010:0921", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-4179", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-12-07T22:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T04:28Z"}