Daniel Horák discovered that condor_schedd would crash when attempting to remove a job via /usr/share/condor/aviary/jobcontrol.py with CPROC in square brackets (e.g. "jobcontrol.py --cmd=removeJob --cproc=[1.0]"). If the aviary_query_server is configured to listen to public interfaces, this could allow a remote attacker to cause a denial of service condition in condor_schedd. While condor_schedd will be restarted by the condor_master process after it exits, condor_master will throttle back restarts each crash. This will slowly increment to the defined MASTER_BACKOFF_CEILING value (defaults to 3600s, or 1 hour). In the recommended configuration scenario (deployed in a secure manner to prevent the aviary_query_server being exposed to unauthenticated users), this DoS can only be triggered by authenticated users, however they do not need the ADMINISTRATOR privilege to cause condor_schedd to halt.
This was corrected upstream with git commit 8f9b304c: http://condor-git.cs.wisc.edu/?p=condor.git;a=commit;h=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84 And was assigned the name CVE-2012-4462.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Created condor tracking bugs for this issue Affects: fedora-all [bug 862110]
Acknowledgements: This issue was discovered by Daniel Horak of the Red Hat Enterprise MRG Quality Engineering Team.
This issue has been addressed in following products: MRG for RHEL-5 v. 2 Via RHSA-2013:0564 https://rhn.redhat.com/errata/RHSA-2013-0564.html
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2013:0565 https://rhn.redhat.com/errata/RHSA-2013-0565.html