Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 03:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:* |
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:* |
References |
|
|
Information
Published : 2014-02-10 18:15
Updated : 2023-12-10 11:31
NVD link : CVE-2011-4930
Mitre link : CVE-2011-4930
CVE.ORG link : CVE-2011-4930
JSON object : View
Products Affected
condor_project
- condor
redhat
- enterprise_mrg
fedoraproject
- fedora
CWE
CWE-134
Use of Externally-Controlled Format String