CVE-2011-4930
Condor 7.2.0-7.6.4 - Format String Vulnerability via Job Hold Reason or Filename
Title source: llmDescription
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
References (8)
Core 8
Core References
Vendor Advisory x_refsource_confirm
http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=759548
Various Sources x_refsource_confirm
https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0099.html
Various Sources x_refsource_misc
https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867
Various Sources x_refsource_confirm
https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660
Various Sources x_refsource_misc
https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0100.html
Scores
EPSS
0.0059
EPSS Percentile
43.2%
Details
CWE
CWE-134
Status
published
Products (22)
condor_project/condor
7.2.0
condor_project/condor
7.2.1
condor_project/condor
7.2.2
condor_project/condor
7.2.3
condor_project/condor
7.2.4
condor_project/condor
7.2.5
condor_project/condor
7.3.0
condor_project/condor
7.3.1
condor_project/condor
7.3.2
condor_project/condor
7.4.0
... and 12 more
Published
Feb 10, 2014
Tracked Since
Feb 18, 2026