Bug 869786 (CVE-2012-5196) - CVE-2012-5196 condor: multiple buffer overflows
Summary: CVE-2012-5196 condor: multiple buffer overflows
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-5196
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-10-24 19:49 UTC by Vincent Danen
Modified: 2021-02-17 08:29 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-10-24 19:50:36 UTC
Embargoed:



Description Vincent Danen 2012-10-24 19:49:23 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5196 to
the following vulnerability:

Name: CVE-2012-5196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5196
Assigned: 20120928
Reference: http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
Reference: http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html

Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x
before 7.8.4 have unknown impact and attack vectors.


These issues were noted in the release notes to have no security impact:

* Security Item: Although not user-visible, there were multiple updates to remove places in the code where potential buffer overruns could occur, thus removing potential attacks. None were known to be exploitable.

We have been unable to confirm which exact flaws these are with upstream; however, we do believe that this is the removal of ClassAd::LookupString(), which cannot be used securely, so it was removed.  Another would be the change from using sprintf() to snprintf() in BaseShadow::log_except(), which was also not viewed as exploitable (Red Hat products also build condor with FORTIFY_SOURCE, which would render any overflow a non-issue, if it could be exploited).

While the Red Hat Security Response Team did not view these as security flaws, they were included in MRG Grid 2.2 (RHSA-2012:1278) as proactive/hardening fixes.
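The sprintf()-to-snprintf() hardening mentioned in the description, shown as a small C program. This is an added illustration, not code from Condor, from Red Hat, or from this report: the log_except-style formatter, its format string, the 64-byte buffer size and the sample inputs are all constructed assumptions. It contains the 'before' pattern (an unbounded sprintf() into a fixed buffer), a pre-check that measures the formatted length to predict whether that pattern would overrun the buffer, and the 'after' pattern (snprintf() bounded by the buffer size) that always NUL-terminates and reports truncation to the caller.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size log buffer, kept small so the overflow case is easy to hit. */
#define LOG_BUF_SIZE 64

/* Hypothetical message format, modelled loosely on a job-exception log line.
 * Not Condor's actual format string. */
static const char *const EXCEPT_FMT = "Exception for job %s: %s";

/* Bytes sprintf() would produce for this format, excluding the terminating NUL.
 * vsnprintf() with a NULL buffer and size 0 measures only and writes nothing. */
static int formatted_length(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n;
}

/* Pre-check for the unsafe form: true if sprintf() into a LOG_BUF_SIZE buffer
 * would overrun it (message plus NUL does not fit). */
static bool unsafe_would_overflow(const char *job_id, const char *reason)
{
    int n = formatted_length(EXCEPT_FMT, job_id, reason);
    return n < 0 || (size_t)n >= LOG_BUF_SIZE;
}

/* The 'before' pattern: sprintf() into a fixed buffer. Nothing bounds the write,
 * so an over-long 'reason' runs past the end of 'buf'. Only called here after
 * unsafe_would_overflow() has confirmed the message fits. */
static void log_except_unsafe(char *buf, const char *job_id, const char *reason)
{
    sprintf(buf, EXCEPT_FMT, job_id, reason);
}

/* The 'after' pattern: snprintf() bounded by the buffer size. The buffer is always
 * NUL-terminated, and the return value says whether the message was truncated.
 * Returns true if the whole message fit, false if it was cut short. */
static bool log_except_hardened(char *buf, size_t bufsize,
                                const char *job_id, const char *reason)
{
    if (bufsize == 0)
        return false;
    int n = snprintf(buf, bufsize, EXCEPT_FMT, job_id, reason);
    if (n < 0) {            /* encoding error: leave a well-formed empty string */
        buf[0] = '\0';
        return false;
    }
    return (size_t)n < bufsize;  /* n excludes the NUL: n == bufsize-1 still fits */
}

/* Constructed input: a short reason that fits in the buffer. Both forms agree. */
static bool demo_short_reason_fits(void)
{
    char buf[LOG_BUF_SIZE];
    const char *job = "12.0", *reason = "shadow exited";

    if (unsafe_would_overflow(job, reason))
        return false;
    log_except_unsafe(buf, job, reason);
    bool fit = log_except_hardened(buf, sizeof buf, job, reason);
    return fit && strcmp(buf, "Exception for job 12.0: shadow exited") == 0;
}

/* Constructed input: a 199-byte attacker-sized reason. The unsafe form would
 * overrun the buffer; the hardened form truncates and keeps the NUL in bounds. */
static bool demo_long_reason_truncates(void)
{
    char buf[LOG_BUF_SIZE];
    char reason[200];
    memset(reason, 'A', sizeof reason - 1);
    reason[sizeof reason - 1] = '\0';

    bool unsafe_overflows = unsafe_would_overflow("12.0", reason);
    bool fit = log_except_hardened(buf, sizeof buf, "12.0", reason);
    return unsafe_overflows && !fit && strlen(buf) == LOG_BUF_SIZE - 1;
}

int main(void)
{
    printf("short reason: fits in both forms: %s\n",
           demo_short_reason_fits() ? "yes" : "no");
    printf("long reason: sprintf() would overflow, snprintf() truncates safely: %s\n",
           demo_long_reason_truncates() ? "yes" : "no");
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, the FORTIFY_SOURCE mitigation the description refers to (glibc's sprintf() being routed to __sprintf_chk when built with -O2 -D_FORTIFY_SOURCE=2) only fires when the compiler can see the destination's size, typically a fixed array in the same function; through a bare `char *` parameter like the one in log_except_unsafe() above the object size is unknown and no check is emitted. Second, when it does fire it aborts the process rather than letting the overrun proceed, which turns a potential memory-corruption bug into a crash: better than stack corruption, but still a denial of service if the input is attacker-controlled. Checking the snprintf() return value, as log_except_hardened() does, removes the overrun at the source instead of relying on either.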


Statement:

The Red Hat Security Response Team does not consider this bug to be security relevant.  However, it has been corrected in MRG Grid 2.2 (via RHSA-2012:1278 and RHSA-2012:1281) as a proactive/hardening measure.

