Information disclosure in Condor_project Condor

CVE-2012-3493

The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd req…

Vulnerability class: Information Disclosure

EPSS: 0.008 (73.8th percentile) — read the EPSS interpretation.

Affected products

Condor_project Condor — versions 7.6.0, 7.6.1, 7.6.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

55632 (vdb-entry, x_refsource_BID)
RHSA-2012:1278 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2012:1281 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
50666 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_MISC)
[oss-security] 20120920 Notification of upstream Condor security fixes (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)