CVE-2009-4133

{"id": "CVE-2009-4133", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-12-23T18:30:00.687", "references": [{"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/37766", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/37803", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1023378", "source": "secalert@redhat.com"}, {"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/37443", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."}, {"lang": "es", "value": "Condor v6.5.4 hasta v7.2.4, v7.3.x, y v7.4.0, como el usado en MRG, Grid para MRG, y Grid Execute Node para MRG, permite a usuarios autenticados remotamente encolar tareas como un usuario de su elecci\u00f3n, y de ese modo obtener privilegios, usando una herramienta de l\u00ednea de commandos Condor para modificar un atributo de tarea no especificado."}], "lastModified": "2021-07-15T19:16:21.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:condor_project:condor:6.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D17C7D49-C87C-4531-9F60-AEA8217BC47B"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D"}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9F3C190-977B-4FFA-8DA6-6C1DC337FE94"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AC9E5EA-CD6B-401A-ACD5-0FA64A32DD5A"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5888B30-EFC0-49D7-BDFC-219226A3BE94"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5985B827-0494-4B99-A0CC-3F2DCB486BBE"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D49E49-D7C3-4A8D-87DF-26BFE479F0D7"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B921A880-DCC2-4AEB-A113-4AD520AA75D5"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C31EBEA-2CB0-4910-B644-BAA5CB900DF4"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97AAA688-530F-4049-AEF7-B302F984DCDB"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51"}, {"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD09E081-B714-45A1-ACBB-28D805BFD01C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}