CVE-2012-3492

The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.5:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.6:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.7:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.8:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.9:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.8.1:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.8.2:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.8.3:*:*:*:*:*:*:*

History

07 Nov 2023, 02:11

Type Values Removed Values Added
References
  • {'url': 'http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1db67805', 'name': 'http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1db67805', 'tags': ['Exploit', 'Patch'], 'refsource': 'CONFIRM'}
  • () http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805 -

Information

Published : 2012-09-28 17:55

Updated : 2024-02-28 12:00


NVD link : CVE-2012-3492

Mitre link : CVE-2012-3492

CVE.ORG link : CVE-2012-3492


JSON object : View

Products Affected

condor_project

  • condor
CWE
CWE-287

Improper Authentication