Condor installations that rely solely upon host-based authentication are vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker can bypass the target site's host-based authentication and be authorized to perform privileged actions (i.e. actions requiring ALLOW_ADMINISTRATOR or ALLOW_WRITE). Condor deployments using host-based authentication that contain no hostnames (IPs or IP globs only) or use authentication stronger than host-based are not vulnerable.
Acknowledgements: Red Hat would like to thank Ken Hahn and Dan Bradley for reporting this issue.
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2012:1169 https://rhn.redhat.com/errata/RHSA-2012-1169.html
This issue has been addressed in following products: MRG for RHEL-5 v. 2 Via RHSA-2012:1168 https://rhn.redhat.com/errata/RHSA-2012-1168.html
Created condor tracking bugs for this issue Affects: fedora-all [bug 848145]