CVE-2008-3424 - OpenCVE

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Condor Project	Condor
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/31284	Broken Link Vendor Advisory
http://secunia.com/advisories/31423	Broken Link
http://secunia.com/advisories/31459	Broken Link
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0814.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0816.html	Broken Link
http://www.securityfocus.com/bid/30440	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020646	Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44063	Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html	Mailing List

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-07-31T22:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-07-31T00:00:00

Link: CVE-2008-3424

JSON object: View

NVD Information

Status : Analyzed

Published: 2008-07-31T22:41:00.000

Modified: 2024-01-12T20:45:54.037

Link: CVE-2008-3424

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-30T00:00:00", "descriptions": [{"lang": "en", "value": "Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "31423", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31423"}, {"name": "RHSA-2008:0816", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0816.html"}, {"name": "31459", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31459"}, {"name": "FEDORA-2008-7205", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html"}, {"name": "condor-authpolicy-security-bypass(44063)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44063"}, {"name": "1020646", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020646"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4"}, {"name": "30440", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30440"}, {"name": "31284", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31284"}, {"name": "RHSA-2008:0814", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0814.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3424", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "31423", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31423"}, {"name": "RHSA-2008:0816", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0816.html"}, {"name": "31459", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31459"}, {"name": "FEDORA-2008-7205", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html"}, {"name": "condor-authpolicy-security-bypass(44063)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44063"}, {"name": "1020646", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020646"}, {"name": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4", "refsource": "CONFIRM", "url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4"}, {"name": "30440", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30440"}, {"name": "31284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31284"}, {"name": "RHSA-2008:0814", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0814.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3424", "datePublished": "2008-07-31T22:00:00", "dateReserved": "2008-07-31T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*", "matchCriteriaId": "501E4937-0F98-4B63-8054-04FC01B9B0C3", "versionEndExcluding": "7.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions."}, {"lang": "es", "value": "Condor versiones anteriores a la 7.0.4 no gestiona correctamente los caracteres especiales en las variables de configuraci\u00f3n ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, o HOSTDENY_WRITE en los listas de pol\u00edticas de autorizaci\u00f3n, lo cual podr\u00eda permitir a los atacantes remotos saltarse las restricciones de acceso previstas."}], "id": "CVE-2008-3424", "lastModified": "2024-01-12T20:45:54.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-07-31T22:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/31284"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31423"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31459"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0814.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0816.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/30440"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1020646"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44063"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}