CVE-2012-3492

Published Sep 28, 2012

Last updated a year ago

Overview

Description: The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4A6DF33-B8D9-41DA-8620-5C93813E7971"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DA2856A-EE5A-4E64-BF4B-2101D782B2A0"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59C2E93D-5983-4F40-AE61-B299FFB84E47"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EDBB354-1B7E-43D1-B23F-35309272A37A"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.6.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B660525B-3A88-4AF2-86E6-B8E93B65DF61"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD6855FF-3285-48CA-951B-7B2CD53CCB16"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "536EBEBB-3957-4080-84D8-AC77A1452F2A"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31EC8BC4-F8F8-41E5-A823-D640B2719554"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References