oss-security - Re: CVE request: condor

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Thu, 31 Jul 2008 17:48:14 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: condor < 7.0.4

======================================================
Name: CVE-2008-3424
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424
Reference: CONFIRM:http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4
Reference: BID:30440
Reference: URL:http://www.securityfocus.com/bid/30440
Reference: SECUNIA:31284
Reference: URL:http://secunia.com/advisories/31284
Reference: XF:condor-authpolicy-security-bypass(44063)
Reference: URL:http://xforce.iss.net/xforce/xfdb/44063

Condor before 7.0.4 does not properly handle wildcards in the
ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE
configuration variables in authorization policy lists, which might
allow remote attackers to bypass intended access restrictions.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.