CVE-2009-4133

EUVD-2009-4103
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
condor_projectcondor
6.5.4
condor_projectcondor
6.8.0
condor_projectcondor
6.8.1
condor_projectcondor
6.8.2
condor_projectcondor
6.8.3
condor_projectcondor
6.8.4
condor_projectcondor
6.8.5
condor_projectcondor
6.8.6
condor_projectcondor
6.8.7
condor_projectcondor
6.8.8
condor_projectcondor
6.8.9
condor_projectcondor
7.0.0
condor_projectcondor
7.0.1
condor_projectcondor
7.0.2
condor_projectcondor
7.0.3
condor_projectcondor
7.0.4
condor_projectcondor
7.0.5
condor_projectcondor
7.0.6
condor_projectcondor
7.1.0
condor_projectcondor
7.1.1
condor_projectcondor
7.1.2
condor_projectcondor
7.1.3
condor_projectcondor
7.1.4
condor_projectcondor
7.2.0
condor_projectcondor
7.2.1
condor_projectcondor
7.2.2
condor_projectcondor
7.2.3
condor_projectcondor
7.2.4
condor_projectcondor
7.3.0
condor_projectcondor
7.3.1
condor_projectcondor
7.3.2
condor_projectcondor
7.4.0
redhatenterprise_mrg
1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
condor
sid
23.6.2+dfsg-2
fixed
trixie
23.6.2+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
condor
dapper
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
dne
quantal
not-affected
raring
not-affected
saucy
not-affected
References
http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
http://secunia.com/advisories/37766
http://secunia.com/advisories/37803
http://securitytracker.com/id?1023378
http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000
http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html
http://www.redhat.com/support/errata/RHSA-2009-1688.html
http://www.redhat.com/support/errata/RHSA-2009-1689.html
http://www.securityfocus.com/bid/37443
https://bugzilla.redhat.com/show_bug.cgi?id=544371
https://exchange.xforce.ibmcloud.com/vulnerabilities/54984
http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
http://secunia.com/advisories/37766
http://secunia.com/advisories/37803
http://securitytracker.com/id?1023378
http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000
http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html
http://www.redhat.com/support/errata/RHSA-2009-1688.html
http://www.redhat.com/support/errata/RHSA-2009-1689.html
http://www.securityfocus.com/bid/37443
https://bugzilla.redhat.com/show_bug.cgi?id=544371
https://exchange.xforce.ibmcloud.com/vulnerabilities/54984