CVE-2012-3459 Information

Description

Cumin before 0.1.5444 as used in Red Hat Enterprise Messaging Realtime and Grid (MRG) 2.0 allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request which triggers a job attribute change request to Condor.

Reference

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501 http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50660 http://secunia.com/advisories/50666 http://www.securityfocus.com/bid/55632