fkie_cve-2011-4930
Vulnerability from fkie_nvd
Published
2014-02-10 18:15
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.2.0 | |
| condor_project | condor | 7.2.1 | |
| condor_project | condor | 7.2.2 | |
| condor_project | condor | 7.2.3 | |
| condor_project | condor | 7.2.4 | |
| condor_project | condor | 7.2.5 | |
| condor_project | condor | 7.3.0 | |
| condor_project | condor | 7.3.1 | |
| condor_project | condor | 7.3.2 | |
| condor_project | condor | 7.4.0 | |
| condor_project | condor | 7.4.1 | |
| condor_project | condor | 7.4.2 | |
| condor_project | condor | 7.5.4 | |
| condor_project | condor | 7.6.0 | |
| condor_project | condor | 7.6.1 | |
| condor_project | condor | 7.6.2 | |
| condor_project | condor | 7.6.3 | |
| condor_project | condor | 7.6.4 | |
| fedoraproject | fedora | 15 | |
| fedoraproject | fedora | 16 | |
| redhat | enterprise_mrg | 1.3 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "14883865-8C31-4D40-B969-D61FE18920C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68301687-793B-4A68-B1FB-A2B941A230C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55E4CE41-D1AF-4187-AA26-FCDEA2F52E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8464E672-FEB8-4EC2-97EA-D6615DB22F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
"matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60D3DD4A-2984-4929-BF6A-30B8CE9B2974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cadena de formato en Condor 7.2.0 hasta 7.6.4 y posiblemente ciertas versiones 7.7.x, como las utilizadas en Red Hat MRG Grid y posiblemente otros productos, permiten a usuarios locales causar una denegaci\u00f3n de servicio (demonio condor_schedd y fallo en el lanzamiento de trabajos) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena de especificadores de formato en (1) la raz\u00f3n de un retraso en un trabajo que utiliza un registro de usuario XML, (2) el nombre de un archivo pendiente de transferir y posiblemente otros vectores no especificados."
}
],
"id": "CVE-2011-4930",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-10T18:15:09.310",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…