CVE-2009-4133

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
condor_projectcondor
6.5.4
condor_projectcondor
6.8.0
condor_projectcondor
6.8.1
condor_projectcondor
6.8.2
condor_projectcondor
6.8.3
condor_projectcondor
6.8.4
condor_projectcondor
6.8.5
condor_projectcondor
6.8.6
condor_projectcondor
6.8.7
condor_projectcondor
6.8.8
condor_projectcondor
6.8.9
condor_projectcondor
7.0.0
condor_projectcondor
7.0.1
condor_projectcondor
7.0.2
condor_projectcondor
7.0.3
condor_projectcondor
7.0.4
condor_projectcondor
7.0.5
condor_projectcondor
7.0.6
condor_projectcondor
7.1.0
condor_projectcondor
7.1.1
condor_projectcondor
7.1.2
condor_projectcondor
7.1.3
condor_projectcondor
7.1.4
condor_projectcondor
7.2.0
condor_projectcondor
7.2.1
condor_projectcondor
7.2.2
condor_projectcondor
7.2.3
condor_projectcondor
7.2.4
condor_projectcondor
7.3.0
condor_projectcondor
7.3.1
condor_projectcondor
7.3.2
condor_projectcondor
7.4.0
redhatenterprise_mrg
1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
condor
sid
23.6.2+dfsg-2
fixed
trixie
23.6.2+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
condor
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
dne
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
karmic
ignored
jaunty
dne
intrepid
dne
hardy
dne
dapper
dne
References
http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
http://secunia.com/advisories/37766
http://secunia.com/advisories/37803
http://securitytracker.com/id?1023378
http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000
http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html
http://www.redhat.com/support/errata/RHSA-2009-1688.html
http://www.redhat.com/support/errata/RHSA-2009-1689.html
http://www.securityfocus.com/bid/37443
https://bugzilla.redhat.com/show_bug.cgi?id=544371
https://exchange.xforce.ibmcloud.com/vulnerabilities/54984
http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
http://secunia.com/advisories/37766
http://secunia.com/advisories/37803
http://securitytracker.com/id?1023378
http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000
http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html
http://www.redhat.com/support/errata/RHSA-2009-1688.html
http://www.redhat.com/support/errata/RHSA-2009-1689.html
http://www.securityfocus.com/bid/37443
https://bugzilla.redhat.com/show_bug.cgi?id=544371
https://exchange.xforce.ibmcloud.com/vulnerabilities/54984