ID CVE-2009-4133
Summary Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.
References
Vulnerable Configurations
  • cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 15-07-2021 - 19:16)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2009:1688
  • rhsa
    id RHSA-2009:1689
rpms
  • condor-0:7.4.1-0.7.1.el4
  • condor-debuginfo-0:7.4.1-0.7.1.el4
  • condor-kbdd-0:7.4.1-0.7.1.el4
  • condor-qmf-plugins-0:7.4.1-0.7.1.el4
  • condor-0:7.4.1-0.7.1.el5
  • condor-debuginfo-0:7.4.1-0.7.1.el5
  • condor-kbdd-0:7.4.1-0.7.1.el5
  • condor-qmf-plugins-0:7.4.1-0.7.1.el5
  • condor-vm-gahp-0:7.4.1-0.7.1.el5
refmap via4
bid 37443
confirm
misc http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
sectrack 1023378
secunia
  • 37766
  • 37803
xf condor-jobs-security-bypass(54984)
Last major update 15-07-2021 - 19:16
Published 23-12-2009 - 18:30
Last modified 15-07-2021 - 19:16