CVE-2017-16816

Published: Jul 5, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.

Affected (2)

Products: Wisc: Htcondor

Wisc

1 product

Htcondor

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wisc Htcondor	Before 8.6.8
Wisc Htcondor	From 8.7.0 to 8.7.5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2017-0001.html

Source: cve@mitre.org

MitigationVendor Advisory

https://www-auth.cs.wisc.edu/lists/htcondor-users/2017-November/msg00022.shtml

Source: cve@mitre.org

Mailing ListVendor Advisory

http://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2017-0001.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://www-auth.cs.wisc.edu/lists/htcondor-users/2017-November/msg00022.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.