CVE-2013-4255

Condor < 8.0.0 - Authenticated Denial of Service via Policy Definition Evaluator

Title source: llm
STIX 2.1

Description

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1172.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1171.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=919401

Scores

EPSS 0.0164
EPSS Percentile 73.6%

Details

CWE
CWE-20
Status published
Products (6)
condor_project/condor 7.5.4
condor_project/condor < 8.0.0
redhat/enterprise_mrg 2.0
redhat/enterprise_mrg 2.1
redhat/enterprise_mrg 2.2
redhat/enterprise_mrg 2.3
Published Oct 11, 2013
Tracked Since Feb 18, 2026