A user with permission to submit jobs can run any program on a pool as any user. The job is submitted and the Owner is quickly changed to the victim. The victim's account will be used to run the job. The job can run any program and be directed to any machine within the pool. This flaw cannot be used to execute arbitrary jobs as the root superuser.
Lifting embargo: http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000
condor-7.0.5-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Red Hat Enterprise MRG for RHEL-4: http://rhn.redhat.com/errata/RHSA-2008-0924.html Red Hat Enterprise MRG for RHEL-5: http://rhn.redhat.com/errata/RHSA-2008-0911.html Fedora: https://admin.fedoraproject.org/updates/F9/FEDORA-2008-8733