Bug 759548 - (CVE-2011-4930) CVE-2011-4930 Condor: Multiple format string flaws
CVE-2011-4930 Condor: Multiple format string flaws
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120206,repor...
: Security
Depends On: 758212 781346 787804
Blocks: 747556
  Show dependency treegraph
 
Reported: 2011-12-02 11:28 EST by Jan Lieskovsky
Modified: 2012-02-06 13:59 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2011-12-02 11:28:55 EST
Multiple format string flaws were found in Condor:

a) when the XML message log format was requested in Condor submit job by remote Condor user and that user attempted to write a specially-crafted message into user log file via condor_hold tool it could lead to condor_schedd daemon crash, or, potentially arbitrary code execution with the privileges of the 'condor' user [*]. Also this way an attacker could potentially prevent other Condor jobs from being scheduled and ever executed,

b) request for file transfer by remote Condor user to transmit a file, with specially-crafted name, could lead to child process of condor_schedd daemon to crash (repeated process, where condor_schedd daemon would fork a child process to handle the request, the child to crash, while trying to handle it and condor_schedd daemon to fork another child since the particular Condor job still have not been completed successfully).

Upstream bug report (mentioning only one attack vector):
[1] https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660

General upstream patch (addressing among these flaws
also couple of compiler warning problems):
[2] http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=5e5571d1a431eb3c61977b6dd6ec90186ef79867

--
[*] Arbitrary code execution was possible only on systems, where Condor daemons were not compiled with FORTIFY_SOURCE protection mechanism. On systems with this protection enabled, particular flaw would lead to Condor service crash only.
Comment 1 Jan Lieskovsky 2011-12-02 11:40:53 EST
These issues affect the versions of the condor package, as shipped with Red Hat Enterprise MRG version 1.3 and version 2.0.

--

These issues affect the versions of the condor package, as shipped with Fedora release of 15 and 16.
Comment 6 Jan Lieskovsky 2012-01-11 09:20:14 EST
The CVE identifier of CVE-2011-4930 has been assigned to this issue.
Comment 13 Jan Lieskovsky 2012-01-13 07:14:50 EST
The preliminary embargo date for this issue has been set up to Monday, 6-th February of 2012.
Comment 14 Vincent Danen 2012-02-06 13:06:14 EST
This is now public.

External References:

http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0001.html
Comment 15 errata-xmlrpc 2012-02-06 13:18:45 EST
This issue has been addressed in following products:

  MRG for RHEL-5 v. 2

Via RHSA-2012:0100 https://rhn.redhat.com/errata/RHSA-2012-0100.html
Comment 16 errata-xmlrpc 2012-02-06 13:27:09 EST
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0099 https://rhn.redhat.com/errata/RHSA-2012-0099.html
Comment 17 Vincent Danen 2012-02-06 13:59:53 EST
Created condor tracking bugs for this issue

Affects: fedora-all [bug 787804]

Note You need to log in before you can comment on or make changes to this bug.