Bug 759548 (CVE-2011-4930) - CVE-2011-4930 Condor: Multiple format string flaws
Summary: CVE-2011-4930 Condor: Multiple format string flaws
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-4930
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 758212 781346 787804
Blocks: 747556
TreeView+ depends on / blocked
 
Reported: 2011-12-02 16:28 UTC by Jan Lieskovsky
Modified: 2021-10-19 21:50 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-19 21:50:07 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0099 0 normal SHIPPED_LIVE Moderate: MRG Grid security, bug fix, and enhancement update 2012-02-06 23:26:02 UTC
Red Hat Product Errata RHSA-2012:0100 0 normal SHIPPED_LIVE Moderate: MRG Grid security, bug fix, and enhancement update 2012-02-06 23:15:47 UTC

Description Jan Lieskovsky 2011-12-02 16:28:55 UTC
Multiple format string flaws were found in Condor:

a) when the XML message log format was requested in Condor submit job by remote Condor user and that user attempted to write a specially-crafted message into user log file via condor_hold tool it could lead to condor_schedd daemon crash, or, potentially arbitrary code execution with the privileges of the 'condor' user [*]. Also this way an attacker could potentially prevent other Condor jobs from being scheduled and ever executed,

b) request for file transfer by remote Condor user to transmit a file, with specially-crafted name, could lead to child process of condor_schedd daemon to crash (repeated process, where condor_schedd daemon would fork a child process to handle the request, the child to crash, while trying to handle it and condor_schedd daemon to fork another child since the particular Condor job still have not been completed successfully).

Upstream bug report (mentioning only one attack vector):
[1] https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660

General upstream patch (addressing among these flaws
also couple of compiler warning problems):
[2] http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=5e5571d1a431eb3c61977b6dd6ec90186ef79867

--
[*] Arbitrary code execution was possible only on systems, where Condor daemons were not compiled with FORTIFY_SOURCE protection mechanism. On systems with this protection enabled, particular flaw would lead to Condor service crash only.

Comment 1 Jan Lieskovsky 2011-12-02 16:40:53 UTC
These issues affect the versions of the condor package, as shipped with Red Hat Enterprise MRG version 1.3 and version 2.0.

--

These issues affect the versions of the condor package, as shipped with Fedora release of 15 and 16.

Comment 6 Jan Lieskovsky 2012-01-11 14:20:14 UTC
The CVE identifier of CVE-2011-4930 has been assigned to this issue.

Comment 13 Jan Lieskovsky 2012-01-13 12:14:50 UTC
The preliminary embargo date for this issue has been set up to Monday, 6-th February of 2012.

Comment 14 Vincent Danen 2012-02-06 18:06:14 UTC
This is now public.

External References:

http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0001.html

Comment 15 errata-xmlrpc 2012-02-06 18:18:45 UTC
This issue has been addressed in following products:

  MRG for RHEL-5 v. 2

Via RHSA-2012:0100 https://rhn.redhat.com/errata/RHSA-2012-0100.html

Comment 16 errata-xmlrpc 2012-02-06 18:27:09 UTC
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0099 https://rhn.redhat.com/errata/RHSA-2012-0099.html

Comment 17 Vincent Danen 2012-02-06 18:59:53 UTC
Created condor tracking bugs for this issue

Affects: fedora-all [bug 787804]


Note You need to log in before you can comment on or make changes to this bug.