Condor Wild Card Authorization Policy Security Bypass Vulnerability

Bugtraq ID:	30440
Class:	Design Error
CVE:	CVE-2008-3424
Remote:	Yes
Local:	Yes
Published:	Jul 30 2008 12:00AM
Updated:	Aug 13 2008 07:16PM
Credit:	The vendor disclosed this issue.
Vulnerable:	RedHat Enterprise MRG v1 for Red Hat Enterprise Linux ES version 4 RedHat Enterprise MRG v1 for Red Hat Enterprise Linux AS verison 4 RedHat Enterprise MRG v1 for Red Hat Enterprise Linux version 5 Red Hat Fedora 9 Condor Condor 7.0.3 Condor Condor 7.0.2 Condor Condor 7.0.1 Condor Condor 7.0
Not Vulnerable:	Condor Condor 7.0.4

Condor Wild Card Authorization Policy Security Bypass Vulnerability

Condor is prone to a security-bypass vulnerability because if fails to properly process wildcard characters specified in authorization policies.

Attackers can exploit this issue to bypass the intended policy restrictions.

Versions prior to Condor 7.0.4 are vulnerable.

Condor Wild Card Authorization Policy Security Bypass Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Condor Wild Card Authorization Policy Security Bypass Vulnerability

Solution:
The vendor released Condor 7.0.4 to address this issue. Please see the references for more information.

Condor Wild Card Authorization Policy Security Bypass Vulnerability

References:

• Condor Homepage (Condor)
  
• Downloads for Condor 7.0.4 @ UW Madison (Condor)
  
• RHSA-2008:0814-13 (RedHat)
  
• RHSA-2008:0816-5 (RedHat)
  
• Version 7.0.4 Release Notes (Condor)