CVE-2012-3492

The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.5:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.6:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.7:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.8:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.6.9:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.8.1:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.8.2:*:*:*:*:*:*:*
cpe:2.3:a:condor_project:condor:7.8.3:*:*:*:*:*:*:*

History

21 Nov 2024, 01:40

Type Values Removed Values Added
References () http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805 - () http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805 -
References () http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html - () http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html -
References () http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html - () http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html -
References () http://rhn.redhat.com/errata/RHSA-2012-1278.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2012-1278.html - Vendor Advisory
References () http://rhn.redhat.com/errata/RHSA-2012-1281.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2012-1281.html - Vendor Advisory
References () http://secunia.com/advisories/50666 - Vendor Advisory () http://secunia.com/advisories/50666 - Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2012/09/20/9 - () http://www.openwall.com/lists/oss-security/2012/09/20/9 -
References () http://www.securityfocus.com/bid/55632 - () http://www.securityfocus.com/bid/55632 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492 - () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3492 -

07 Nov 2023, 02:11

Type Values Removed Values Added
References
  • {'url': 'http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1db67805', 'name': 'http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1db67805', 'tags': ['Exploit', 'Patch'], 'refsource': 'CONFIRM'}
  • () http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=1db67805 -

Information

Published : 2012-09-28 17:55

Updated : 2024-11-21 01:40


NVD link : CVE-2012-3492

Mitre link : CVE-2012-3492

CVE.ORG link : CVE-2012-3492


JSON object : View

Products Affected

condor_project

  • condor
CWE
CWE-287

Improper Authentication