CVE-2008-3424

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

History

21 Nov 2024, 00:49

Type Values Removed Values Added
References () http://secunia.com/advisories/31284 - Broken Link, Vendor Advisory () http://secunia.com/advisories/31284 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/31423 - Broken Link () http://secunia.com/advisories/31423 - Broken Link
References () http://secunia.com/advisories/31459 - Broken Link () http://secunia.com/advisories/31459 - Broken Link
References () http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4 - Broken Link () http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4 - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2008-0814.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2008-0814.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2008-0816.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2008-0816.html - Broken Link
References () http://www.securityfocus.com/bid/30440 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/30440 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1020646 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1020646 - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/44063 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/44063 - Third Party Advisory, VDB Entry
References () https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html - Mailing List () https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html - Mailing List

12 Jan 2024, 20:45

Type Values Removed Values Added
CWE CWE-264 CWE-863
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html - Mailing List
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44063 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44063 - Third Party Advisory, VDB Entry
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0816.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0816.html - Broken Link
References (BID) http://www.securityfocus.com/bid/30440 - (BID) http://www.securityfocus.com/bid/30440 - Broken Link, Third Party Advisory, VDB Entry
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0814.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0814.html - Broken Link
References (CONFIRM) http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4 - (CONFIRM) http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4 - Broken Link
References (SECUNIA) http://secunia.com/advisories/31423 - (SECUNIA) http://secunia.com/advisories/31423 - Broken Link
References (SECTRACK) http://www.securitytracker.com/id?1020646 - (SECTRACK) http://www.securitytracker.com/id?1020646 - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/31459 - (SECUNIA) http://secunia.com/advisories/31459 - Broken Link
References (SECUNIA) http://secunia.com/advisories/31284 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/31284 - Broken Link, Vendor Advisory
CPE cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
First Time Fedoraproject fedora
Fedoraproject

Information

Published : 2008-07-31 22:41

Updated : 2024-11-21 00:49


NVD link : CVE-2008-3424

Mitre link : CVE-2008-3424

CVE.ORG link : CVE-2008-3424


JSON object : View

Products Affected

condor_project

  • condor

fedoraproject

  • fedora
CWE
CWE-863

Incorrect Authorization