CVE-2009-4133 — Project Condor vulnerability

6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

1.4%

top 19.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Condor Project Condor Redhat Enterprise MRG

Timeline

PublishedDec 23

Latest updateMay 2

Description

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDcondor_project/condor32 versions+31

▶NVDredhat/enterprise_mrg1.2

🔴Vulnerability Details

GHSA

GHSA-4crj-cmpw-2wrg: Condor 6↗2022-05-02

▶

CVEList

CVE-2009-4133: Condor 6↗2009-12-23

▶

📋Vendor Advisories

Red Hat

Condor: queue super user cannot drop privs↗2010-01-15

▶

Debian

CVE-2009-4133: condor - Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and ...↗2009

▶

💬Community

Bugzilla

CVE-2009-4133 Condor: queue super user cannot drop privs↗2009-12-04

▶