Back to search
CVE-2012-3493
Published: Sep 28, 2012
Modified: Sep 16, 2024
PUBLISHED
Description
The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
55632
vdb-entry
x_refsource_BID
RHSA-2012:1278
vendor-advisory
x_refsource_REDHAT
http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html
x_refsource_CONFIRM
RHSA-2012:1281
vendor-advisory
x_refsource_REDHAT
http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=d2f33972
x_refsource_CONFIRM
50666
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=848222
x_refsource_MISC
[oss-security] 20120920 Notification of upstream Condor security fixes
mailing-list
x_refsource_MLIST
http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now