Bug 919401 (CVE-2013-4255)

Summary: CVE-2013-4255 condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: iboverma, jneedle, mcressma, mkudlej, security-response-team, sgraf
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-19 22:00:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 919037, 999579    
Bug Blocks: 919407    

Description Jan Lieskovsky 2013-03-08 11:22:42 UTC 
A denial of service flaw was found in the way Condor's policy definition evaluator processed certain policy definitions. If an administrator used an attribute defined on a job in any of the following condor_startd policies (CONTINUE, KILL, PREEMPT, SUSPEND), a remote Condor service user could use this flaw to cause a denial of the condor_startd service by submitting a Condor job that caused certain policy definition to be evaluated to either ERROR or UNDEFINED states.

Workaround:
===========
Check for UNDEFINED & ERROR in the policy configuration.
Comment 2 Jan Lieskovsky 2013-03-08 11:38:26 UTC 
Acknowledgements:

This issue was found by Matthew Farrellee of Red Hat.
Comment 3 Tomas Hoger 2013-08-16 13:48:20 UTC 
Upstream pointed out that this issue is known with several public upstream bug reports related to this problem:

https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786
https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829
Comment 4 Tomas Hoger 2013-08-21 15:27:55 UTC 
Making this bug public.
Comment 5 Tomas Hoger 2013-08-21 15:29:46 UTC 
Created condor tracking bugs for this issue:

Affects: fedora-all [bug 999579]
Comment 6 errata-xmlrpc 2013-08-21 17:28:37 UTC 
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2013:1172 https://rhn.redhat.com/errata/RHSA-2013-1172.html
Comment 7 errata-xmlrpc 2013-08-21 17:28:45 UTC 
This issue has been addressed in following products:

  MRG for RHEL-5 v. 2

Via RHSA-2013:1171 https://rhn.redhat.com/errata/RHSA-2013-1171.html