CVE-2009-4133
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-0213.NASL |
description | Upgrade to Condor 7.4.1, including recent security fix. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44886 |
published | 2010-02-25 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/44886 |
title | Fedora 12 : condor-7.4.1-1.fc12 (2010-0213) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-0213.
#

include("compat.inc");

if (description)
{
  script_id(44886);
  script_version("1.10");
  script_cvs_date("Date: 2019/08/02 13:32:30");

  script_cve_id("CVE-2009-4133");
  script_bugtraq_id(37443);
  script_xref(name:"FEDORA", value:"2010-0213");

  script_name(english:"Fedora 12 : condor-7.4.1-1.fc12 (2010-0213)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Upgrade to Condor 7.4.1, including recent security fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=544371"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033543.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e000f942"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected condor package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:condor");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC12", reference:"condor-7.4.1-1.fc12")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "condor");
}
```
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-0227.NASL |
description | Update to 7.4.1, including security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44887 |
published | 2010-02-25 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/44887 |
title | Fedora 11 : condor-7.4.1-1.fc11 (2010-0227) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-0227.
#

include("compat.inc");

if (description)
{
  script_id(44887);
  script_version("1.10");
  script_cvs_date("Date: 2019/08/02 13:32:30");

  script_cve_id("CVE-2009-4133");
  script_bugtraq_id(37443);
  script_xref(name:"FEDORA", value:"2010-0227");

  script_name(english:"Fedora 11 : condor-7.4.1-1.fc11 (2010-0227)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Update to 7.4.1, including security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=544371"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033550.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?42d73314"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected condor package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:condor");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC11", reference:"condor-7.4.1-1.fc11")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "condor");
}
```
Seebug
bulletinFamily | exploit |
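description | BUGTRAQ ID: 37443 CVE ID: CVE-2009-4133 Condor is a specialized workload management system designed for compute-intensive jobs; it provides a job queueing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A flaw in the way Condor manages jobs may allow a user who is authorized to submit jobs to Condor to queue jobs as a different local user, which could lead to unauthorized access to that user's account. Condor does not run jobs with root privileges, so this vulnerability cannot lead to compromise of the root account. Condor Project Condor 7.4 Vendor patch: RedHat ------ RedHat has released a security advisory (RHSA-2009:1688-01) and corresponding patches for this issue: RHSA-2009:1688-01: Moderate: condor security update Link: https://www.redhat.com/support/errata/RHSA-2009-1688.html Condor Project -------------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000 |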
id | SSV:15139 |
last seen | 2017-11-19 |
modified | 2009-12-24 |
published | 2009-12-24 |
reporter | Root |
title | Condor Job Submission Security Restriction Bypass Vulnerability |
References
- http://www.redhat.com/support/errata/RHSA-2009-1689.html
- http://www.redhat.com/support/errata/RHSA-2009-1688.html
- http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000
- http://securitytracker.com/id?1023378
- https://bugzilla.redhat.com/show_bug.cgi?id=544371
- http://www.securityfocus.com/bid/37443
- http://secunia.com/advisories/37766
- http://secunia.com/advisories/37803
- http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html
- http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54984