Vulnerabilities > CVE-2009-4133

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
condor-project
redhat
nessus

Summary

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-0213.NASL
    descriptionUpgrade to Condor 7.4.1, including recent security fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id44886
    published2010-02-25
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44886
    titleFedora 12 : condor-7.4.1-1.fc12 (2010-0213)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-0213.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44886);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:30");
    
      script_cve_id("CVE-2009-4133");
      script_bugtraq_id(37443);
      script_xref(name:"FEDORA", value:"2010-0213");
    
      script_name(english:"Fedora 12 : condor-7.4.1-1.fc12 (2010-0213)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Upgrade to Condor 7.4.1, including recent security fix
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=544371"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033543.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e000f942"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected condor package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:condor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC12", reference:"condor-7.4.1-1.fc12")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "condor");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-0227.NASL
    descriptionUpdate to 7.4.1, including security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id44887
    published2010-02-25
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44887
    titleFedora 11 : condor-7.4.1-1.fc11 (2010-0227)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-0227.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44887);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:30");
    
      script_cve_id("CVE-2009-4133");
      script_bugtraq_id(37443);
      script_xref(name:"FEDORA", value:"2010-0227");
    
      script_name(english:"Fedora 11 : condor-7.4.1-1.fc11 (2010-0227)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 7.4.1, including security fixes
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=544371"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033550.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?42d73314"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected condor package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:condor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC11", reference:"condor-7.4.1-1.fc11")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "condor");
    }
    

Redhat

advisories
  • rhsa
    idRHSA-2009:1688
  • rhsa
    idRHSA-2009:1689
rpms
  • condor-0:7.4.1-0.7.1.el4
  • condor-debuginfo-0:7.4.1-0.7.1.el4
  • condor-kbdd-0:7.4.1-0.7.1.el4
  • condor-qmf-plugins-0:7.4.1-0.7.1.el4
  • condor-0:7.4.1-0.7.1.el5
  • condor-debuginfo-0:7.4.1-0.7.1.el5
  • condor-kbdd-0:7.4.1-0.7.1.el5
  • condor-qmf-plugins-0:7.4.1-0.7.1.el5
  • condor-vm-gahp-0:7.4.1-0.7.1.el5

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 37443 CVE ID: CVE-2009-4133 Condor是为计算密集任务所设计的专用负载管理系统,提供任务队列机制、调度策略、优先级规划和资源监控及管理。 Condor管理任务的方式存在漏洞,可能允许授权向Condor提交任务的用户以不同本地用户的身份排列任务,这可能导致非授权访问该用户的账号。Condor不会以root用户权限运行任务,因此这个漏洞不会导致入侵root用户账号。 Condor Project Condor 7.4 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:1688-01)以及相应补丁: RHSA-2009:1688-01:Moderate: condor security update 链接:https://www.redhat.com/support/errata/RHSA-2009-1688.html Condor Project -------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000
idSSV:15139
last seen2017-11-19
modified2009-12-24
published2009-12-24
reporterRoot
titleCondor任务提交绕过安全限制漏洞