Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Condor | Condor_project | 7.2.0 (including) | 7.2.0 (including) |
| Condor | Condor_project | 7.2.1 (including) | 7.2.1 (including) |
| Condor | Condor_project | 7.2.2 (including) | 7.2.2 (including) |
| Condor | Condor_project | 7.2.3 (including) | 7.2.3 (including) |
| Condor | Condor_project | 7.2.4 (including) | 7.2.4 (including) |
| Condor | Condor_project | 7.2.5 (including) | 7.2.5 (including) |
| Condor | Condor_project | 7.3.0 (including) | 7.3.0 (including) |
| Condor | Condor_project | 7.3.1 (including) | 7.3.1 (including) |
| Condor | Condor_project | 7.3.2 (including) | 7.3.2 (including) |
| Condor | Condor_project | 7.4.0 (including) | 7.4.0 (including) |
| Condor | Condor_project | 7.4.1 (including) | 7.4.1 (including) |
| Condor | Condor_project | 7.4.2 (including) | 7.4.2 (including) |
| Condor | Condor_project | 7.5.4 (including) | 7.5.4 (including) |
| Condor | Condor_project | 7.6.0 (including) | 7.6.0 (including) |
| Condor | Condor_project | 7.6.1 (including) | 7.6.1 (including) |
| Condor | Condor_project | 7.6.2 (including) | 7.6.2 (including) |
| Condor | Condor_project | 7.6.3 (including) | 7.6.3 (including) |
| Condor | Condor_project | 7.6.4 (including) | 7.6.4 (including) |
| Fedora | Fedoraproject | 15 (including) | 15 (including) |
| Fedora | Fedoraproject | 16 (including) | 16 (including) |
| Enterprise_mrg | Redhat | 1.3 (including) | 1.3 (including) |
| Enterprise_mrg | Redhat | 2.0 (including) | 2.0 (including) |
| MRG for RHEL-5 v. 2 | RedHat | condor-0:7.6.5-0.12.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-ec2-enhanced-0:1.3.0-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-ec2-enhanced-hooks-0:1.3.0-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-wallaby-base-db-0:1.19-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | cumin-0:0.1.5192-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | python-psycopg2-0:2.0.14-3.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | ruby-spqr-0:0.3.5-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | wallaby-0:0.12.5-1.el5 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-0:7.6.5-0.12.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-ec2-enhanced-0:1.3.0-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-ec2-enhanced-hooks-0:1.3.0-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-wallaby-base-db-0:1.19-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | cumin-0:0.1.5192-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | ruby-spqr-0:0.3.5-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | wallaby-0:0.12.5-1.el6 | * |
| Condor | Ubuntu | lucid | * |
| Condor | Ubuntu | maverick | * |
| Condor | Ubuntu | natty | * |
| Condor | Ubuntu | oneiric | * |
| Condor | Ubuntu | upstream | * |