The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a users authentication directory.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Condor | Condor_project | 7.6.0 (including) | 7.6.0 (including) |
| Condor | Condor_project | 7.6.1 (including) | 7.6.1 (including) |
| Condor | Condor_project | 7.6.2 (including) | 7.6.2 (including) |
| Condor | Condor_project | 7.6.3 (including) | 7.6.3 (including) |
| Condor | Condor_project | 7.6.4 (including) | 7.6.4 (including) |
| Condor | Condor_project | 7.6.5 (including) | 7.6.5 (including) |
| Condor | Condor_project | 7.6.6 (including) | 7.6.6 (including) |
| Condor | Condor_project | 7.6.7 (including) | 7.6.7 (including) |
| Condor | Condor_project | 7.6.8 (including) | 7.6.8 (including) |
| Condor | Condor_project | 7.6.9 (including) | 7.6.9 (including) |
| Condor | Condor_project | 7.8.0 (including) | 7.8.0 (including) |
| Condor | Condor_project | 7.8.1 (including) | 7.8.1 (including) |
| Condor | Condor_project | 7.8.2 (including) | 7.8.2 (including) |
| Condor | Condor_project | 7.8.3 (including) | 7.8.3 (including) |
| MRG for RHEL-5 v. 2 | RedHat | condor-0:7.6.5-0.22.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-wallaby-0:4.1.3-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-wallaby-base-db-0:1.23-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | cumin-0:0.1.5444-3.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | sesame-0:1.0-4.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | wallaby-0:0.12.5-10.el5 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-0:7.6.5-0.22.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-wallaby-0:4.1.3-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-wallaby-base-db-0:1.23-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | cumin-0:0.1.5444-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | deltacloud-core-0:0.5.0-10.el6_2 | * |
| Red Hat Enterprise MRG 2 | RedHat | libdeltacloud-0:0.9-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-daemons-0:1.1.4-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-eventmachine-0:0.12.10-7.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-fssm-0:0.2.7-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-haml-0:3.1.2-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-hpricot-0:0.8.4-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-json-0:1.4.6-10.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-maruku-0:0.6.0-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-mime-types-0:1.16-4.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-mocha-0:0.9.7-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-net-ssh-0:2.0.23-6.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-nokogiri-0:1.5.0-0.8.beta4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-1:1.3.0-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-accept-0:0.4.3-6.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-test-0:0.6.1-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rake-0:0.8.7-2.1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rest-client-0:1.6.1-2.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygems-0:1.8.16-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-sass-0:3.1.4-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-sinatra-1:1.2.6-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-syntax-0:1.0.0-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-thin-0:1.2.11-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-tilt-0:1.3.2-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-yard-0:0.7.2-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | sesame-0:1.0-6.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | wallaby-0:0.12.5-10.el6 | * |
| Condor | Ubuntu | lucid | * |
| Condor | Ubuntu | natty | * |
| Condor | Ubuntu | oneiric | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805
- http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
- http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50666
- http://www.openwall.com/lists/oss-security/2012/09/20/9
- http://www.securityfocus.com/bid/55632
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492
- http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805
- http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
- http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50666
- http://www.openwall.com/lists/oss-security/2012/09/20/9
- http://www.securityfocus.com/bid/55632
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492