{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2009:1689", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"}, {"name": "condor-jobs-security-bypass(54984)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"}, {"name": "37766", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37766"}, {"name": "RHSA-2009:1688", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"}, {"name": "1023378", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023378"}, {"name": "37443", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37443"}, {"tags": ["x_refsource_MISC"], "url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"}, {"name": "37803", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37803"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-4133", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2009:1689", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"}, {"name": "condor-jobs-security-bypass(54984)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"}, {"name": "37766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37766"}, {"name": "RHSA-2009:1688", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"}, {"name": "1023378", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023378"}, {"name": "37443", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37443"}, {"name": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018", "refsource": "MISC", "url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"}, {"name": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html", "refsource": "CONFIRM", "url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=544371", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"}, {"name": "37803", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37803"}, {"name": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000", "refsource": "CONFIRM", "url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:54:09.951Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2009:1689", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"}, {"name": "condor-jobs-security-bypass(54984)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"}, {"name": "37766", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37766"}, {"name": "RHSA-2009:1688", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"}, {"name": "1023378", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023378"}, {"name": "37443", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37443"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"}, {"name": "37803", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37803"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4133", "datePublished": "2009-12-23T18:00:00", "dateReserved": "2009-12-01T00:00:00", "dateUpdated": "2024-08-07T06:54:09.951Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:condor_project:condor:6.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "D17C7D49-C87C-4531-9F60-AEA8217BC47B", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9F3C190-977B-4FFA-8DA6-6C1DC337FE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9E5EA-CD6B-401A-ACD5-0FA64A32DD5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A5888B30-EFC0-49D7-BDFC-219226A3BE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5985B827-0494-4B99-A0CC-3F2DCB486BBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6D49E49-D7C3-4A8D-87DF-26BFE479F0D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B921A880-DCC2-4AEB-A113-4AD520AA75D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1C31EBEA-2CB0-4910-B644-BAA5CB900DF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "97AAA688-530F-4049-AEF7-B302F984DCDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD09E081-B714-45A1-ACBB-28D805BFD01C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."}, {"lang": "es", "value": "Condor v6.5.4 hasta v7.2.4, v7.3.x, y v7.4.0, como el usado en MRG, Grid para MRG, y Grid Execute Node para MRG, permite a usuarios autenticados remotamente encolar tareas como un usuario de su elecci\u00f3n, y de ese modo obtener privilegios, usando una herramienta de l\u00ednea de commandos Condor para modificar un atributo de tarea no especificado."}], "id": "CVE-2009-4133", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-12-23T18:30:00.687", "references": [{"source": "secalert@redhat.com", "url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37766"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37803"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1023378"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/37443"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37803"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023378"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37443"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1688", "cpe": "cpe:/a:redhat:enterprise_mrg:1.0::el4", "package": "condor-0:7.4.1-0.7.1.el4", "product_name": "Grid Execute Node for MRG on RHEL-4", "release_date": "2009-12-22T00:00:00Z"}, {"advisory": "RHSA-2009:1688", "cpe": "cpe:/a:redhat:enterprise_mrg:1.0::el4", "package": "condor-0:7.4.1-0.7.1.el4", "product_name": "Grid for MRG on RHEL-4", "release_date": "2009-12-22T00:00:00Z"}, {"advisory": "RHSA-2009:1689", "cpe": "cpe:/a:redhat:enterprise_mrg:1::el5", "package": "condor-0:7.4.1-0.7.1.el5", "product_name": "MRG for RHEL-5", "release_date": "2009-12-22T00:00:00Z"}], "bugzilla": {"description": "Condor: queue super user cannot drop privs", "id": "544371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."], "name": "CVE-2009-4133", "public_date": "2010-01-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-4133\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-4133"], "threat_severity": "Moderate"}