CVE-2013-4255
Condor < 8.0.0 - Authenticated Denial of Service via Policy Definition Evaluator
Title source: llmDescription
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1172.html
Various Sources x_refsource_confirm
https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1171.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=919401
Various Sources x_refsource_misc
https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829
Scores
EPSS
0.0164
EPSS Percentile
73.6%
Details
CWE
CWE-20
Status
published
Products (6)
condor_project/condor
7.5.4
condor_project/condor
< 8.0.0
redhat/enterprise_mrg
2.0
redhat/enterprise_mrg
2.1
redhat/enterprise_mrg
2.2
redhat/enterprise_mrg
2.3
Published
Oct 11, 2013
Tracked Since
Feb 18, 2026