Condor condor_shadow.std Code Execution Vulnerability
Release Date : 2013-01-15
Criticality level : Less critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch
Software: Condor 7.x
A vulnerability has been reported in Condor, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to the application spawning user processes as root, which can be exploited to execute arbitrary code with root privileges.
Successful exploitation requires ability to submit jobs to condor_schedd.
The vulnerability is reported in versions 7.7.3 to 7.7.6 and 7.8.0 to 7.8.5.
Update to version 7.8.6.
Provided and/or discovered by:
Reported by the vendor.