CVE-2008-3424 - Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRI

CVE-2008-3424

Summary

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.

References

Vulnerable Configurations

cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 12-01-2024 - 20:45)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHSA-2008:0814
rhsa
id RHSA-2008:0816

rpms

condor-0:7.0.4-4.el5
condor-debuginfo-0:7.0.4-4.el5
condor-static-0:7.0.4-4.el5
condor-0:7.0.4-4.el4
condor-debuginfo-0:7.0.4-4.el4
condor-static-0:7.0.4-4.el4

refmap via4

bid	30440
confirm	http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4
fedora	FEDORA-2008-7205
sectrack	1020646
secunia	31284 31423 31459
xf	condor-authpolicy-security-bypass(44063)

Last major update

12-01-2024 - 20:45

Published

31-07-2008 - 22:41

Last modified

12-01-2024 - 20:45