Bug 869786 (CVE-2012-5196)

Summary: CVE-2012-5196 condor: multiple buffer overflows
Product: [Other] Security Response
Component: vulnerability
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Version: unspecified
Hardware: All
OS: Linux
Keywords: Security
Doc Type: Bug Fix
Reporter: Vincent Danen <vdanen>
Assignee: Red Hat Product Security <security-response-team>
CC: grid-maint-list, iboverma, jneedle, matt, mcressma
Last Closed: 2012-10-24 19:50:36 UTC

Description Vincent Danen 2012-10-24 19:49:23 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5196 to
the following vulnerability:

Name: CVE-2012-5196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5196
Assigned: 20120928
Reference: http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
Reference: http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html

Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x
before 7.8.4 have unknown impact and attack vectors.


These issues were noted in the release notes to have no security impact:

* Security Item: Although not user-visible, there were multiple updates to remove places in the code where potential buffer overruns could occur, thus removing potential attacks. None were known to be exploitable.

We have been unable to confirm which exact flaws these are with upstream; however, we do believe that this is the removal of ClassAd::LookupString(), which cannot be used securely, so it was removed.  Another would be the change from using sprintf() to snprintf() in BaseShadow::log_except(), which was also not viewed as exploitable (Red Hat products also build condor with FORTIFY_SOURCE, which would render any overflow a non-issue, if it could be exploited).

While the Red Hat Security Response Team did not view these as security flaws, they were included in MRG Grid 2.2 (RHSA-2012:1278) as proactive/hardening fixes.


Statement:

The Red Hat Security Response Team does not consider this bug to be security relevant.  However, it has been corrected in MRG Grid 2.2 (via RHSA-2012:1278 and RHSA-2012:1281) as a proactive/hardening measure.
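The two hardening shapes named above (replacing an unbounded sprintf() in BaseShadow::log_except() with snprintf(), and removing a string lookup that cannot be used safely because the callee never learns the destination size) are illustrated by the following added C example. It is not Condor's code and not the upstream patches; the 64-byte log buffer, the attribute list standing in for a ClassAd, and the function names are assumptions chosen for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size log buffer standing in for the one that
   BaseShadow::log_except() formats into (size is an assumption). */
#define LOG_BUF_SIZE 64

/* "Before" shape: unbounded formatting. A message longer than the
   destination makes sprintf() write past its end. Kept for contrast only;
   main() calls it with input known to fit. */
static void log_except_unsafe(char *buf, const char *reason)
{
    sprintf(buf, "Shadow exception: %s", reason);
}

/* "After" shape: snprintf() writes at most size bytes, NUL included, and
   returns the length the full message would have had, so truncation is
   detectable. Returns 1 if the message fit, 0 if truncated or on error. */
static int log_except_safe(char *buf, size_t size, const char *reason)
{
    int n = snprintf(buf, size, "Shadow exception: %s", reason);
    if (n < 0) {
        if (size > 0) buf[0] = '\0';
        return 0;
    }
    return (size_t)n < size;
}

/* Constructed attribute list standing in for a ClassAd (assumption). */
struct attr { const char *name; const char *value; };
static const struct attr ad[] = {
    { "Owner", "alice" },
    { "Cmd",   "/usr/local/bin/some-very-long-executable-name" },
};

/* "Before" shape of a lookup that cannot be used securely: dst's size is
   unknown to the callee, so any value longer than the caller's buffer
   overflows it. Kept for contrast only; main() passes a 64-byte buffer. */
static int lookup_string_unsafe(const char *name, char *dst)
{
    for (size_t i = 0; i < sizeof ad / sizeof ad[0]; i++)
        if (strcmp(ad[i].name, name) == 0) { strcpy(dst, ad[i].value); return 1; }
    return 0;
}

/* Bounded replacement: the caller passes dst's size, the copy never exceeds
   it, and the result is always NUL-terminated.
   Returns -1 if the attribute is absent, 0 if it fit, 1 if truncated. */
static int lookup_string_bounded(const char *name, char *dst, size_t dstsize)
{
    if (dstsize == 0) return -1;
    for (size_t i = 0; i < sizeof ad / sizeof ad[0]; i++) {
        if (strcmp(ad[i].name, name) != 0) continue;
        size_t len = strlen(ad[i].value);
        if (len >= dstsize) {
            memcpy(dst, ad[i].value, dstsize - 1);
            dst[dstsize - 1] = '\0';
            return 1;
        }
        memcpy(dst, ad[i].value, len + 1);
        return 0;
    }
    dst[0] = '\0';
    return -1;
}

/* Self-checks: each returns 1 when the bounded routine behaves as described. */
int check_log_fits(void)
{
    char buf[LOG_BUF_SIZE];
    return log_except_safe(buf, sizeof buf, "short") == 1
        && strcmp(buf, "Shadow exception: short") == 0;
}

int check_log_truncated(void)
{
    char buf[LOG_BUF_SIZE];
    char reason[128];
    memset(reason, 'A', sizeof reason - 1);
    reason[sizeof reason - 1] = '\0';
    /* 18-byte prefix plus 127 'A's cannot fit in 64 bytes: expect truncation
       reported, a NUL at buf[63], and the prefix intact. */
    return log_except_safe(buf, sizeof buf, reason) == 0
        && strlen(buf) == LOG_BUF_SIZE - 1
        && strncmp(buf, "Shadow exception: AAA", 21) == 0;
}

int check_lookup(void)
{
    char small[8];
    int fit = lookup_string_bounded("Owner", small, sizeof small);
    int ok_fit = fit == 0 && strcmp(small, "alice") == 0;
    int trunc = lookup_string_bounded("Cmd", small, sizeof small);
    int ok_trunc = trunc == 1 && strlen(small) == 7;
    int absent = lookup_string_bounded("Nope", small, sizeof small);
    return ok_fit && ok_trunc && absent == -1 && small[0] == '\0';
}

int main(void)
{
    char buf[LOG_BUF_SIZE];
    log_except_unsafe(buf, "fits");     /* known-small input only */
    lookup_string_unsafe("Owner", buf); /* 64-byte buffer, 6-byte value */
    printf("log fits: %d, log truncated: %d, lookup: %d\n",
           check_log_fits(), check_log_truncated(), check_lookup());
    return 0;
}
```

On the FORTIFY_SOURCE point: with _FORTIFY_SOURCE and optimisation enabled, the compiler rewrites sprintf() and strcpy() into their _chk variants only where it can see the destination's size (a fixed local array, as in main() here); for a pointer whose bound is unknown, nothing is checked. Where it does apply, an overflow becomes an abort of the process rather than memory corruption, which is why the bounded calls with explicit truncation handling above remain the correct fix rather than a redundant one.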