cbcvebase.
CVE-2012-3492
published 2012-09-28

CVE-2012-3492: The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when…

medium6.4CVSS 3.1
AVNACLAuNCPIPAN
The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.

Affected

17 ranges
VendorProductVersion rangeFixed in
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor
condor_projectcondor>= 0 < 7.8.2~dfsg.1-1+deb7u17.8.2~dfsg.1-1+deb7u1
condor_projectcondor>= 0 < 7.8.2~dfsg.1-1+deb7u17.8.2~dfsg.1-1+deb7u1
debiancondor< condor 7.8.2~dfsg.1-1+deb7u1 (forky)condor 7.8.2~dfsg.1-1+deb7u1 (forky)

CVSS provenance

nvd6.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
osv6.4MEDIUM