Description
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.
References (10)
Core 10
Core References
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31423
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0816.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31459
Mailing List vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44063
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020646
Broken Link x_refsource_confirm
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30440
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31284
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0814.html
Scores
EPSS
0.0265
EPSS Percentile
83.7%
Details
CWE
CWE-863
Status
published
Products (2)
condor_project/condor
< 7.0.4
fedoraproject/fedora
9
Published
Jul 31, 2008
Tracked Since
Feb 18, 2026