CVE-2012-3491 Information

Description

src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.

Reference

http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40 http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50666 http://www.openwall.com/lists/oss-security/2012/09/20/9 http://www.securityfocus.com/bid/55632 https://bugzilla.redhat.com/show_bug.cgi?id=848214