Condor upstream version 7.0.4 fixes the following security issue (quoting upstream release notes):

This release fixes a problem causing possible incorrect handling of wild cards in authorization lists. Examples of the configuration variables that specify authorization lists are

ALLOW_WRITE
DENY_WRITE
HOSTALLOW_WRITE
HOSTDENY_WRITE

If a configuration variable uses the asterisk character (*) in configuration variables that specify the authorization policy, it is advisable to upgrade. This is especially true for the use of wild cards in any DENY list, since this problem could result in access being allowed, when it should have been denied.

This issue affects all previous versions of Condor.

References:
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4
https://lists.cs.wisc.edu/archive/condor-world/2008q2/msg00003.shtml
CVE id CVE-2008-3424 was assigned to this issue: Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.
This issue only seems to affect configurations where a wildcarded definition is used in a DENY directive and a conflicting ALLOW authorization also exists. According to the documentation, such a conflict should result in access being rejected, but this bug caused access to be allowed:

http://www.cs.wisc.edu/condor/manual/v7.0/3_6Security.html#sec:Security-Authorization

In most configurations, this problem can only be exploited by an already authenticated user.
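As an added example (not part of this bug report and not Condor code), the following Python script audits a configuration for the pattern described above: wildcard entries in authorization lists, ranking highest any DENY wildcard that covers an entry in the ALLOW list of the same access level. It assumes plain `NAME = value` lines with no macro expansion and treats `ALLOW_*` and `HOSTALLOW_*` as the same level; the function names and the sample configuration are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample configuration (not taken from the bug report).
SAMPLE_CONFIG = """\
# pool-wide write policy
ALLOW_WRITE = submit1.example.org, \\
              node7.lab.example.org
DENY_WRITE = *.lab.example.org
HOSTALLOW_READ = *
HOSTDENY_WRITE = 192.0.2.15
"""

# Assumption: authorization lists are named [HOST]ALLOW_<level> / [HOST]DENY_<level>.
AUTHZ_VAR = re.compile(r"^(HOST)?(ALLOW|DENY)_(\w+)$")

def parse_authz_lists(text):
    """Return {variable name: [entries]} for authorization-list variables."""
    joined = re.sub(r"\\\r?\n", " ", text)  # fold backslash continuations
    lists = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if AUTHZ_VAR.match(name.upper()):
            lists[name.upper()] = [e for e in re.split(r"[,\s]+", value) if e]
    return lists

def audit_wildcards(text):
    """Return findings for wildcard entries, sorted most severe first."""
    lists = parse_authz_lists(text)
    findings = []
    for name, entries in lists.items():
        _, kind, level = AUTHZ_VAR.match(name).groups()
        for entry in (e for e in entries if "*" in e):
            # ALLOW entries at the same level that a DENY wildcard should override
            overridden = [a for prefix in ("ALLOW_", "HOSTALLOW_")
                          for a in lists.get(prefix + level, [])
                          if kind == "DENY" and fnmatch.fnmatchcase(a.lower(), entry.lower())]
            severity = "critical" if overridden else ("high" if kind == "DENY" else "review")
            findings.append((severity, name, entry, overridden))
    order = {"critical": 0, "high": 1, "review": 2}
    return sorted(findings, key=lambda f: order[f[0]])

if __name__ == "__main__":
    for severity, name, entry, overridden in audit_wildcards(SAMPLE_CONFIG):
        print(f"{severity:8} {name}: {entry} should override {overridden or 'no listed ALLOW entry'}")
```

Overlap between two wildcard patterns is not computed, so a DENY wildcard whose only conflict is with an ALLOW wildcard is still reported as `high` rather than `critical`.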
Verified fix on RHEL4 and RHEL5 with condor-7.0.4-4
condor-7.0.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Red Hat Enterprise MRG for RHEL-4:
  http://rhn.redhat.com/errata/RHSA-2008-0816.html

Red Hat Enterprise MRG for RHEL-5:
  http://rhn.redhat.com/errata/RHSA-2008-0814.html

Fedora:
  https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7205