Red Hat Bugzilla – Bug 463987
CVE-2008-3826 condor: users can run jobs with arbitrary owners
Last modified: 2008-10-10 03:21:22 EDT
A user with permission to submit jobs can run any program on a pool as any
The job is submitted and the Owner is quickly changed to the victim. The
victim's account will be used to run the job. The job can run any program
and be directed to any machine within the pool.
This flaw cannot be used to execute arbitrary jobs as the root superuser.
condor-7.0.5-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise MRG for RHEL-4:
Red Hat Enterprise MRG for RHEL-5: