Bug 457372 (CVE-2008-3424)
| Summary: | CVE-2008-3424 condor: incorrect handling of wild cards in authorization lists | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | jneedle, matt |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-08-27 11:15:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 457895, 457896 | ||
| Bug Blocks: | |||
CVE id CVE-2008-3424 was assigned to this issue: Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions. This issue only seems to affect configuration, when wild carded definition is used in DENY directive, and conflicting ALLOW authorization also exist. According to the documentation, such conflict should result in access being rejected, but this bug caused access to be allowed: http://www.cs.wisc.edu/condor/manual/v7.0/3_6Security.html#sec:Security-Authorization In most configurations, this problem can only be exploited by already authenticated user. Verified fix on RHEL4 and RHEL5 with condor-7.0.4-4 condor-7.0.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. This issue was addressed in: Red Hat Enterprise MRG for RHEL-4: http://rhn.redhat.com/errata/RHSA-2008-0816.html Red Hat Enterprise MRG for RHEL-5: http://rhn.redhat.com/errata/RHSA-2008-0814.html Fedora: https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7205 |
Condor upstream version 7.0.4 fixes following security issue (quoting upstream release notes): This release fixes a problem causing possible incorrect handling of wild cards in authorization lists. Examples of the configuration variables that specify authorization lists are ALLOW_WRITE DENY_WRITE HOSTALLOW_WRITE HOSTDENY_WRITE If a configuration variable uses the asterisk character (*) in configuration variables that specify the authorization policy, it is advisable to upgrade. This is especially true for the use of wild cards in any DENY list, since this problem could result in access being allowed, when it should have been denied. This issue affects all previous versions of Condor. References: http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4 https://lists.cs.wisc.edu/archive/condor-world/2008q2/msg00003.shtml