A denial of service flaw was found in the way Condor's policy definition evaluator processed certain policy definitions. If an administrator used an attribute defined on a job in any of the following condor_startd policies (CONTINUE, KILL, PREEMPT, SUSPEND), a remote Condor service user could use this flaw to cause a denial of the condor_startd service by submitting a Condor job that caused certain policy definition to be evaluated to either ERROR or UNDEFINED states. Workaround: =========== Check for UNDEFINED & ERROR in the policy configuration.
Acknowledgements: This issue was found by Matthew Farrellee of Red Hat.
Upstream pointed out that this issue is known with several public upstream bug reports related to this problem: https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829
Making this bug public.
Created condor tracking bugs for this issue: Affects: fedora-all [bug 999579]
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2013:1172 https://rhn.redhat.com/errata/RHSA-2013-1172.html
This issue has been addressed in following products: MRG for RHEL-5 v. 2 Via RHSA-2013:1171 https://rhn.redhat.com/errata/RHSA-2013-1171.html