CVE-2017-16816 — Improper Input Validation in Htcondor

CWE-20 — Improper Input Validation11 documents8 sources

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.6%

top 29.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Condor Project Condor Wisc Htcondor

Timeline

PublishedJul 5

Latest updateMay 13

Description

The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDwisc/htcondor8.7.0 — 8.7.5+1

▶Debiancondor_project/condor< 8.6.8~dfsg.1-1+1

▶Ubuntucondor_project/condor< 8.0.5~dfsg.1-1ubuntu1+esm1+1

🔴Vulnerability Details

GHSA

GHSA-9x52-5xwr-hfwc: The condor_schedd component in HTCondor before 8↗2022-05-13

▶

OSV

condor vulnerabilities↗2021-03-15

▶

OSV

CVE-2017-16816: The condor_schedd component in HTCondor before 8↗2018-07-05

▶

CVEList

CVE-2017-16816: The condor_schedd component in HTCondor before 8↗2018-07-05

▶

📋Vendor Advisories

Ubuntu

HTCondor vulnerabilities↗2021-03-15

▶

Red Hat

condor: DoS of condor_schedd via specially crafted VOMS proxy↗2017-11-14

▶

Debian

CVE-2017-16816: condor - The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allo...↗2017

▶

💬Community

Bugzilla

CVE-2017-16816 condor: DoS of condor_schedd via specially crafted VOMS proxy [epel-all]↗2018-07-06

▶

Bugzilla

CVE-2017-16816 condor: DoS of condor_schedd via specially crafted VOMS proxy [fedora-all]↗2018-07-06

▶

Bugzilla

CVE-2017-16816 condor: DoS of condor_schedd via specially crafted VOMS proxy↗2017-11-02

▶