2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2009-4133" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2009-12-23T18:30:00.687" ,
2024-11-22 11:14:00 +00:00
"lastModified" : "2024-11-21T01:08:59.593" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."
} ,
{
"lang" : "es" ,
"value" : "Condor v6.5.4 hasta v7.2.4, v7.3.x, y v7.4.0, como el usado en MRG, Grid para MRG, y Grid Execute Node para MRG, permite a usuarios autenticados remotamente encolar tareas como un usuario de su elecci\u00f3n, y de ese modo obtener privilegios, usando una herramienta de l\u00ednea de commandos Condor para modificar un atributo de tarea no especificado."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P" ,
2024-11-22 11:14:00 +00:00
"baseScore" : 6.5 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
2024-11-22 11:14:00 +00:00
"availabilityImpact" : "PARTIAL"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.0 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : true ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-noinfo"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.5.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D17C7D49-C87C-4531-9F60-AEA8217BC47B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C82D2C15-DFD1-40E0-86FC-F48263416AA3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EA32C2CA-B61F-449B-B90A-054AF177C296"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "03F817A5-9926-4AB5-8D25-8B68DC905B05"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "52BDAA46-4598-4DC2-8B1B-D85CBF649133"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "524D6F4F-4715-4F68-A069-87CDEF8BB5DA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3219F472-97A7-4A8E-A45C-DBFB3E25AA17"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "324BAB04-B03E-499C-B58D-320D14740606"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "16892FC7-5870-45A8-ABFE-D8EE5A565FF5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8E6BB9D8-6394-4317-90DF-475DE0FF0567"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.0.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A9F3C190-977B-4FFA-8DA6-6C1DC337FE94"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.0.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1AC9E5EA-CD6B-401A-ACD5-0FA64A32DD5A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.0.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A5888B30-EFC0-49D7-BDFC-219226A3BE94"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5985B827-0494-4B99-A0CC-3F2DCB486BBE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D6D49E49-D7C3-4A8D-87DF-26BFE479F0D7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.1.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B921A880-DCC2-4AEB-A113-4AD520AA75D5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.1.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1C31EBEA-2CB0-4910-B644-BAA5CB900DF4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.1.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "97AAA688-530F-4049-AEF7-B302F984DCDB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FE91D459-EF92-430A-98E8-1131D8BD8682"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E0C54D26-9124-49E6-8EBA-00AE0640633A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C66F0D08-3AE5-482A-B6AD-717475EB2D9C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FDAC286B-A140-44E8-9B29-60B96A6B4555"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2F44106D-CD31-4FF2-A589-A7A7492FC0CC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D973598A-90C0-4AE0-A047-17866BD6DC46"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FD09E081-B714-45A1-ACBB-28D805BFD01C"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018" ,
"source" : "secalert@redhat.com"
} ,
2024-04-04 08:46:00 +00:00
{
"url" : "http://secunia.com/advisories/37766" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://secunia.com/advisories/37803" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
} ,
2023-04-24 12:24:31 +02:00
{
"url" : "http://securitytracker.com/id?1023378" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1688.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1689.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.securityfocus.com/bid/37443" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=544371" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984" ,
"source" : "secalert@redhat.com"
2024-11-22 11:14:00 +00:00
} ,
{
"url" : "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/37766" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://secunia.com/advisories/37803" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://securitytracker.com/id?1023378" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1688.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1689.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.securityfocus.com/bid/37443" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=544371" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
2023-04-24 12:24:31 +02:00
}
]
}
