Florian Weimer of the Red Hat Product Security Team discovered that Condor's file system authentication challenge accepted directories with weak permissions (for example, world readable, writable and executable permissions). If a user created a directory with such permissions, a local attacker could rename it, allowing them to execute jobs with the privileges of the victim user.
Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue has been addressed in following products: MRG for RHEL-5 v. 2 Via RHSA-2012:1278 https://rhn.redhat.com/errata/RHSA-2012-1278.html
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2012:1281 https://rhn.redhat.com/errata/RHSA-2012-1281.html
Created condor tracking bugs for this issue Affects: fedora-all [bug 858867]
This has been resolved in upstream 7.6.10 and 7.8.4: https://lists.cs.wisc.edu/archive/condor-users/2012-September/msg00077.shtml
Upstream git commit: http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1db67805