CVE-2012-3492

The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a users authentication directory.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Condor	Condor_project	7.6.0 (including)	7.6.0 (including)
Condor	Condor_project	7.6.1 (including)	7.6.1 (including)
Condor	Condor_project	7.6.2 (including)	7.6.2 (including)
Condor	Condor_project	7.6.3 (including)	7.6.3 (including)
Condor	Condor_project	7.6.4 (including)	7.6.4 (including)
Condor	Condor_project	7.6.5 (including)	7.6.5 (including)
Condor	Condor_project	7.6.6 (including)	7.6.6 (including)
Condor	Condor_project	7.6.7 (including)	7.6.7 (including)
Condor	Condor_project	7.6.8 (including)	7.6.8 (including)
Condor	Condor_project	7.6.9 (including)	7.6.9 (including)
Condor	Condor_project	7.8.0 (including)	7.8.0 (including)
Condor	Condor_project	7.8.1 (including)	7.8.1 (including)
Condor	Condor_project	7.8.2 (including)	7.8.2 (including)
Condor	Condor_project	7.8.3 (including)	7.8.3 (including)
MRG for RHEL-5 v. 2	RedHat	condor-0:7.6.5-0.22.el5	*
MRG for RHEL-5 v. 2	RedHat	condor-wallaby-0:4.1.3-1.el5	*
MRG for RHEL-5 v. 2	RedHat	condor-wallaby-base-db-0:1.23-1.el5	*
MRG for RHEL-5 v. 2	RedHat	cumin-0:0.1.5444-3.el5	*
MRG for RHEL-5 v. 2	RedHat	sesame-0:1.0-4.el5	*
MRG for RHEL-5 v. 2	RedHat	wallaby-0:0.12.5-10.el5	*
Red Hat Enterprise MRG 2	RedHat	condor-0:7.6.5-0.22.el6	*
Red Hat Enterprise MRG 2	RedHat	condor-wallaby-0:4.1.3-1.el6	*
Red Hat Enterprise MRG 2	RedHat	condor-wallaby-base-db-0:1.23-1.el6	*
Red Hat Enterprise MRG 2	RedHat	cumin-0:0.1.5444-3.el6	*
Red Hat Enterprise MRG 2	RedHat	deltacloud-core-0:0.5.0-10.el6_2	*
Red Hat Enterprise MRG 2	RedHat	libdeltacloud-0:0.9-1.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-daemons-0:1.1.4-2.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-eventmachine-0:0.12.10-7.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-fssm-0:0.2.7-1.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-haml-0:3.1.2-2.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-hpricot-0:0.8.4-2.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-json-0:1.4.6-10.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-maruku-0:0.6.0-4.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-mime-types-0:1.16-4.el6_0	*
Red Hat Enterprise MRG 2	RedHat	rubygem-mocha-0:0.9.7-4.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-net-ssh-0:2.0.23-6.el6_0	*
Red Hat Enterprise MRG 2	RedHat	rubygem-nokogiri-0:1.5.0-0.8.beta4.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-rack-1:1.3.0-2.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-rack-accept-0:0.4.3-6.el6_0	*
Red Hat Enterprise MRG 2	RedHat	rubygem-rack-test-0:0.6.1-1.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-rake-0:0.8.7-2.1.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-rest-client-0:1.6.1-2.el6_0	*
Red Hat Enterprise MRG 2	RedHat	rubygems-0:1.8.16-1.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-sass-0:3.1.4-4.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-sinatra-1:1.2.6-2.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-syntax-0:1.0.0-4.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-thin-0:1.2.11-3.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-tilt-0:1.3.2-3.el6	*
Red Hat Enterprise MRG 2	RedHat	rubygem-yard-0:0.7.2-1.el6	*
Red Hat Enterprise MRG 2	RedHat	sesame-0:1.0-6.el6	*
Red Hat Enterprise MRG 2	RedHat	wallaby-0:0.12.5-10.el6	*
Condor	Ubuntu	lucid	*
Condor	Ubuntu	natty	*
Condor	Ubuntu	oneiric	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3492
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

References

CVE-2012-3492

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References