Date: Wed, 30 Jul 2008 10:01:00 +0100 (BST) From: Mark J Cox <mjc@...hat.com> To: oss-security@...ts.openwall.com cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE request: condor < 7.0.4 Needs CVE name https://lists.cs.wisc.edu/archive/condor-world/2008q2/msg00003.shtml leading to: http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html This release fixes a problem causing possible incorrect handling of wild cards in authorization lists. Examples of the configuration variables that specify authorization lists are ALLOW_WRITE DENY_WRITE HOSTALLOW_WRITE HOSTDENY_WRITE If a configuration variable uses the asterisk character (*) in configuration variables that specify the authorization policy, it is advisable to upgrade. This is especially true for the use of wild cards in any DENY list, since this problem could result in access being allowed, when it should have been denied. This issue affects all previous versions of Condor. Thanks, Mark -- Mark J Cox / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.