製品・ソフトウェアに関する情報

JVN脆弱性詳細

Condor におけるアイドル状態の任意のジョブを削除される脆弱性

Title	Condor におけるアイドル状態の任意のジョブを削除される脆弱性
Summary	Condor の src/condor_schedd.V6/schedd.cpp は、ジョブのパーミッションを適切にチェックしないため、アイドル状態の任意のジョブを削除される脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、アイドル状態の任意のジョブを削除される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 19, 2012, midnight
Registration Date	Oct. 2, 2012, 2:09 p.m.
Last Update	Oct. 2, 2012, 2:09 p.m.

Affected System

Condor Project

Condor 7.6.10 未満の 7.6.x

Condor 7.8.4 未満の 7.8.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-3491	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3491
National Vulnerability Database (NVD)
2	CVE-2012-3491	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3491

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Condor Project
1	8.3 Stable Release Series 7.6	http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
2	9.3 Stable Release Series 7.8	http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html
3	condor.git / commitdiff	http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40
Red Hat Bugzilla
4	Bug 848214	https://bugzilla.redhat.com/show_bug.cgi?id=848214
Red Hat Security Advisory
5	RHSA-2012:1278	http://rhn.redhat.com/errata/RHSA-2012-1278.html
6	RHSA-2012:1281	http://rhn.redhat.com/errata/RHSA-2012-1281.html

Change Log

No	Changed Details	Date of change
0	[2012年10月02日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-3491

Summary	src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.
Publication Date	Sept. 29, 2012, 2:55 a.m.
Registration Date	Jan. 28, 2021, 3 p.m.
Last Update	Nov. 21, 2024, 10:40 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1fff5d40
2	http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1fff5d40
3	http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
4	http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html
5	http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html
6	http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html
7	http://rhn.redhat.com/errata/RHSA-2012-1278.html	Vendor Advisory
8	http://rhn.redhat.com/errata/RHSA-2012-1278.html	Vendor Advisory
9	http://rhn.redhat.com/errata/RHSA-2012-1281.html	Vendor Advisory
10	http://rhn.redhat.com/errata/RHSA-2012-1281.html	Vendor Advisory
11	http://secunia.com/advisories/50666	Vendor Advisory
12	http://secunia.com/advisories/50666	Vendor Advisory
13	http://www.openwall.com/lists/oss-security/2012/09/20/9
14	http://www.openwall.com/lists/oss-security/2012/09/20/9
15	http://www.securityfocus.com/bid/55632
16	http://www.securityfocus.com/bid/55632
17	https://bugzilla.redhat.com/show_bug.cgi?id=848214
18	https://bugzilla.redhat.com/show_bug.cgi?id=848214

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html