CVE-2008-3828

Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/32189
http://secunia.com/advisories/32193	Vendor Advisory
http://secunia.com/advisories/32232
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0911.html
http://www.redhat.com/support/errata/RHSA-2008-0924.html
http://www.securityfocus.com/bid/31621
http://www.securitytracker.com/id?1021002
http://www.vupen.com/english/advisories/2008/2760
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:condor_project:condor::::::::
	cpe:2.3:a:condor_project:condor:6.8.0:::::::*
	cpe:2.3:a:condor_project:condor:6.8.1:::::::*
	cpe:2.3:a:condor_project:condor:6.8.2:::::::*
	cpe:2.3:a:condor_project:condor:6.8.3:::::::*
	cpe:2.3:a:condor_project:condor:6.8.4:::::::*
	cpe:2.3:a:condor_project:condor:6.8.5:::::::*
	cpe:2.3:a:condor_project:condor:6.8.6:::::::*
	cpe:2.3:a:condor_project:condor:6.8.7:::::::*
	cpe:2.3:a:condor_project:condor:6.8.8:::::::*
	cpe:2.3:a:condor_project:condor:6.8.9:::::::*
	cpe:2.3:a:condor_project:condor:7.0.0:::::::*
	cpe:2.3:a:condor_project:condor:7.0.1:::::::*
	cpe:2.3:a:condor_project:condor:7.0.2:::::::*
	cpe:2.3:a:condor_project:condor:7.0.3:::::::*

History

No history.

Information

Published : 2008-10-08 22:00

Updated : 2023-12-10 10:51

NVD link : CVE-2008-3828

Mitre link : CVE-2008-3828

CVE.ORG link : CVE-2008-3828

JSON object : View

Products Affected

condor_project

condor

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2008-3828", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-10-08T22:00:01.887", "references": [{"url": "http://secunia.com/advisories/32189", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/32193", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/32232", "source": "secalert@redhat.com"}, {"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/31621", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1021002", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2008/2760", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el demonio (daemon) condor_schedd de Condor anterior a v7.0.5; permite a los atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda) y puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."}], "lastModified": "2011-03-08T03:11:28.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC1ED29E-B24F-4233-A506-38C078DA3A0C", "versionEndIncluding": "7.0.4"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}