CVE-2011-4930

Published: Feb 10, 2014Modified: Apr 29, 2026

4.4

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 3.4 / Impact: 6.4

Source: NVD

Description

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.

Affected (22)

Products: Condor Project: Condor · Fedoraproject: Fedora · Redhat: Enterprise Mrg

1 product

1 product

1 product

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Condor Project Condor	Version 7.2.0
Condor Project Condor	Version 7.2.1
Condor Project Condor	Version 7.2.2
Condor Project Condor	Version 7.2.3
Condor Project Condor	Version 7.2.4
Condor Project Condor	Version 7.2.5
Condor Project Condor	Version 7.3.0
Condor Project Condor	Version 7.3.1
Condor Project Condor	Version 7.3.2
Condor Project Condor	Version 7.4.0
Condor Project Condor	Version 7.4.1
Condor Project Condor	Version 7.4.2
Condor Project Condor	Version 7.5.4
Condor Project Condor	Version 7.6.0
Condor Project Condor	Version 7.6.1
Condor Project Condor	Version 7.6.2
Condor Project Condor	Version 7.6.3
Condor Project Condor	Version 7.6.4
Fedoraproject Fedora	Version 15
Fedoraproject Fedora	Version 16
Redhat Enterprise Mrg	Version 1.3
Redhat Enterprise Mrg	Version 2.0

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (16)

http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2012-0099.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0100.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=759548

Source: secalert@redhat.com

https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867

Source: secalert@redhat.com

https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264

Source: secalert@redhat.com

https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429

Source: secalert@redhat.com

https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660

Source: secalert@redhat.com

http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2012-0099.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-0100.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=759548

Source: af854a3a-2127-422b-91ae-364da2661108

https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867

Source: af854a3a-2127-422b-91ae-364da2661108

https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264

Source: af854a3a-2127-422b-91ae-364da2661108

https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429

Source: af854a3a-2127-422b-91ae-364da2661108

https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.