CVE-2013-4255

Published Oct 11, 2013

Last updated 4 years ago

CVSS info 3.5

Overview

Description: The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AE7A59E-1CF0-4DE8-84ED-5B6434C86574",
            "versionEndIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:condor_project:condor:7.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8464E672-FEB8-4EC2-97EA-D6615DB22F28"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE2A5DA2-081C-4524-AE73-F9EFB23B412A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87927ABB-0BDC-493C-B4F4-E979B03DAC18"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15856E6B-7BF3-4377-8708-574F3F7334D2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References