CVE-2010-4179 — Improper Access Control in Redhat Enterprise MRG

CWE-264 CWE-284 — Improper Access Control6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 34.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise MRG

Timeline

PublishedDec 7

Latest updateMay 13

Description

The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/enterprise_mrg1.3

🔴Vulnerability Details

GHSA

GHSA-p347-c2jx-fcmf: The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1↗2022-05-13

▶

CVEList

CVE-2010-4179: The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1↗2010-12-07

▶

💥Exploits & PoCs

Exploit-DB

HP OpenView Network Node Manager (OV NNM) - 'ovalarm.exe' CGI Buffer Overflow (Metasploit)↗2010-11-11

▶

📋Vendor Advisories

Red Hat

plugin: enable QUEUE_ALL_USERS_TRUSTED for Submit/Hold/Release/Remove ops↗2010-11-30

▶

💬Community

Bugzilla

CVE-2010-4179 schedd plugin: enable QUEUE_ALL_USERS_TRUSTED for Submit/Hold/Release/Remove ops↗2010-11-18

▶