This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 457372 - (CVE-2008-3424) CVE-2008-3424 condor: incorrect handling of wild cards in authorization lists
CVE-2008-3424 condor: incorrect handling of wild cards in authorization lists
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
source=bugzilla,public=20080723,repor...
: Security
Depends On: 457895 457896
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-31 05:00 EDT by Tomas Hoger
Modified: 2008-08-27 07:15 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-27 07:15:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2008-07-31 05:00:06 EDT
Condor upstream version 7.0.4 fixes following security issue (quoting upstream
release notes):

  This release fixes a problem causing possible incorrect handling of wild
  cards in authorization lists. Examples of the configuration variables that
  specify authorization lists are

    ALLOW_WRITE
    DENY_WRITE
    HOSTALLOW_WRITE
    HOSTDENY_WRITE

  If a configuration variable uses the asterisk character (*) in configuration
  variables that specify the authorization policy, it is advisable to upgrade.
  This is especially true for the use of wild cards in any DENY list, since
  this problem could result in access being allowed, when it should have been
  denied. This issue affects all previous versions of Condor.

References:
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4
https://lists.cs.wisc.edu/archive/condor-world/2008q2/msg00003.shtml
Comment 2 Tomas Hoger 2008-08-01 04:06:23 EDT
CVE id CVE-2008-3424 was assigned to this issue:

Condor before 7.0.4 does not properly handle wildcards in the
ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE
configuration variables in authorization policy lists, which might
allow remote attackers to bypass intended access restrictions.
Comment 3 Tomas Hoger 2008-08-05 05:24:23 EDT
This issue only seems to affect configuration, when wild carded definition is used in DENY directive, and conflicting ALLOW authorization also exist.  According to the documentation, such conflict should result in access being rejected, but this bug caused access to be allowed:

http://www.cs.wisc.edu/condor/manual/v7.0/3_6Security.html#sec:Security-Authorization

In most configurations, this problem can only be exploited by already authenticated user.
Comment 5 Jeff Needle 2008-08-08 16:50:37 EDT
Verified fix on RHEL4 and RHEL5 with condor-7.0.4-4
Comment 6 Fedora Update System 2008-08-12 14:24:33 EDT
condor-7.0.4-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Red Hat Product Security 2008-08-27 07:15:14 EDT
This issue was addressed in:

Red Hat Enterprise MRG for RHEL-4:
  http://rhn.redhat.com/errata/RHSA-2008-0816.html

Red Hat Enterprise MRG for RHEL-5:
  http://rhn.redhat.com/errata/RHSA-2008-0814.html

Fedora:
  https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7205

Note You need to log in before you can comment on or make changes to this bug.