Bug 848218 (CVE-2012-3492)

Summary: CVE-2012-3492 condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: iboverma, jneedle, mcressma, mrg-program-list, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: condor 7.6.10, condor 7.8.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-19 21:55:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 836294, 858867    
Bug Blocks: 828434, 846654    

Description Vincent Danen 2012-08-14 22:43:08 UTC
Florian Weimer of the Red Hat Product Security Team discovered that Condor's file system authentication challenge accepted directories with weak permissions (for example, world readable, writable and executable permissions). If a user created a directory with such permissions, a local attacker could rename it, allowing them to execute jobs with the privileges of the victim user.

Comment 1 Vincent Danen 2012-09-19 15:55:43 UTC
Acknowledgements:

This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

Comment 2 errata-xmlrpc 2012-09-19 17:45:21 UTC
This issue has been addressed in following products:

  MRG for RHEL-5 v. 2

Via RHSA-2012:1278 https://rhn.redhat.com/errata/RHSA-2012-1278.html

Comment 3 errata-xmlrpc 2012-09-19 17:53:18 UTC
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:1281 https://rhn.redhat.com/errata/RHSA-2012-1281.html

Comment 4 Vincent Danen 2012-09-19 21:07:07 UTC
Created condor tracking bugs for this issue

Affects: fedora-all [bug 858867]

Comment 5 Vincent Danen 2012-09-19 21:59:57 UTC
This has been resolved in upstream 7.6.10 and 7.8.4:

https://lists.cs.wisc.edu/archive/condor-users/2012-September/msg00077.shtml

Comment 6 Vincent Danen 2012-09-20 21:46:31 UTC
Upstream git commit:

http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1db67805