CVE-2009-4133
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/12/2009
Last modified:
09/04/2025
Description
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.
Impact
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:condor_project:condor:6.5.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
- http://secunia.com/advisories/37766
- http://secunia.com/advisories/37803
- http://securitytracker.com/id?1023378=
- http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000
- http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html
- http://www.redhat.com/support/errata/RHSA-2009-1688.html
- http://www.redhat.com/support/errata/RHSA-2009-1689.html
- http://www.securityfocus.com/bid/37443
- https://bugzilla.redhat.com/show_bug.cgi?id=544371
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54984
- http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
- http://secunia.com/advisories/37766
- http://secunia.com/advisories/37803
- http://securitytracker.com/id?1023378=
- http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000
- http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html
- http://www.redhat.com/support/errata/RHSA-2009-1688.html
- http://www.redhat.com/support/errata/RHSA-2009-1689.html
- http://www.securityfocus.com/bid/37443
- https://bugzilla.redhat.com/show_bug.cgi?id=544371
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54984