TITLE:
Condor Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA32189

VERIFY ADVISORY:
http://secunia.com/advisories/32189/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, DoS, System access

WHERE:
From remote

SOFTWARE:
Condor 7.x
http://secunia.com/advisories/product/19387/

DESCRIPTION:
Some vulnerabilities have been reported in Condor, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system, and by malicious people to bypass certain security restrictions.

1) An unspecified error within the handling of submitted jobs can be exploited to run tasks as any non-root user.

2) An unspecified boundary error within the "condor_schedd" daemon can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code.

3) An unspecified error within the "condor_schedd" daemon can be exploited to crash the service.

Successful exploitation of the above vulnerabilities requires the permission to submit jobs.

4) An error exists within the processing of allow and deny access control netmasks. This may result in access rules being ignored for certain overlapping netmasks, potentially allowing unauthorised access.

Successful exploitation of the above vulnerabilities requires the permission to submit jobs.

SOLUTION:
Update to version 7.0.5.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Condor 7.0.5 Release Notes:
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000