CVE-2008-3830

Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
condor_projectcondor
𝑥
≤ 7.0.4
condor_projectcondor
6.8.0
condor_projectcondor
6.8.1
condor_projectcondor
6.8.2
condor_projectcondor
6.8.3
condor_projectcondor
6.8.4
condor_projectcondor
6.8.5
condor_projectcondor
6.8.6
condor_projectcondor
6.8.7
condor_projectcondor
6.8.8
condor_projectcondor
6.8.9
condor_projectcondor
7.0.0
condor_projectcondor
7.0.1
condor_projectcondor
7.0.2
condor_projectcondor
7.0.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
condor
sid
23.6.2+dfsg-2
fixed
trixie
23.6.2+dfsg-2
fixed
Common Weakness Enumeration
References
http://secunia.com/advisories/32189
http://secunia.com/advisories/32193
http://secunia.com/advisories/32232
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000
http://www.redhat.com/support/errata/RHSA-2008-0911.html
http://www.redhat.com/support/errata/RHSA-2008-0924.html
http://www.securityfocus.com/bid/31621
http://www.securitytracker.com/id?1021002
http://www.vupen.com/english/advisories/2008/2760
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html
http://secunia.com/advisories/32189
http://secunia.com/advisories/32193
http://secunia.com/advisories/32232
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000
http://www.redhat.com/support/errata/RHSA-2008-0911.html
http://www.redhat.com/support/errata/RHSA-2008-0924.html
http://www.securityfocus.com/bid/31621
http://www.securitytracker.com/id?1021002
http://www.vupen.com/english/advisories/2008/2760
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html