Condor Vulnerability Reports
- CONDOR-2005-0001
- Condor checkpoint server allows reading and writing of arbitrary files with
the permissions of the condor_ckpt_server's effective uid (normally the
"condor" user) from a remote machine with no special privileges. This can
result in checkpoints being replaced with malicious versions, reconfiguring
condor if the "condor" user owns the configuration files, or gaining access
to system files which may aid in other attacks.
- CONDOR-2005-0003
- Arbitrary commands can be executed with the permissions of the condor_shadow
or condor_gridmanager's effective uid (normally the "condor" user). This can
result in a compromise of the condor configuration files, log files, and
other files owned by the "condor" user. This may also aid in attacks on
other accounts.
- CONDOR-2005-0004
- Arbitrary configuration options can be set if a user has access to the
"condor" user account that Condor components run as, even if all the
configuration files are owned by root. This can lead to a denial of service,
or a complete root compromise of the system if the condor_master is started
as root.
- CONDOR-2006-0003
- In the rare configuration that CLASSAD_SCRIPT_DIRECTORY is set in the Condor
configuration, arbitrary commands can be executed with the permissions of the
condor_negotiator and condor_shadow's effective uid (normally the "condor"
user). This can result in a compromise of the condor configuration files,
log files, and other files owned by the "condor" user. This may also aid in
attacks on other accounts.
- CONDOR-2006-0004
- In the rare configuration that CLASSAD_SCRIPT_DIRECTORY is set in the Condor
configuration, arbitrary executables can be executed with the permissions of
the condor_negotiator and condor_shadow's effective uid (normally the
"condor" user). This can result in a compromise of the condor configuration
files, log files, and other files owned by the "condor" user. This may also
aid in attacks on other accounts.
- CONDOR-2006-0005
- A user that is able to submit a Condor job can modify jobs or add arbitrary
jobs to the job queue if they can force a restart of the condor_schedd to
which they submit jobs. The user has complete control of the job attributes,
including the user and executable.
- CONDOR-2006-0006
- The use of FS or FS_REMOTE authentication methods can result in a spoofing
of identity if an attacker has access to the file system used to perform the
authentication.
- CONDOR-2006-0007
- Condor users can use public key certificates as a means of authentication when
using the GSI or SSL authentication methods. It is possible to spoof a
signature if a PKCS #1 1.5 signature with an RSA key of exponent 3 is used.
This can lead to identity spoofing through the use of a malformed signature.
The use of this particular type of key seems to be rare.
- CONDOR-2006-0008
- On Windows platforms and potentially some old versions of UNIX, if
persistent configuration changes are allowed, then it is possible that
an attacker may be able to change the configuration of the machine,
which could lead to a root compromise. Persistent configuration changes
through the use of condor_config_val are disabled by default, which
prevents this vulnerability.
- CONDOR-2006-0009
- It is possible to update a class ad in the collector, such that the contents
of the class ad can cause a buffer in the condor_negotiator to overflow.
This can result in a crash, or potentially a root compromise of the
condor_negotiator. This compromise requires the user to be able to use the
condor_advertise command. This is the case for ordinary users, if host-based
authorization is used on machines running Condor daemons, which includes all
submission and execution hosts.
- CONDOR-2008-0001
- It is possible for a user that can submit jobs to a condor_schedd to modify
arbitrary attributes of the job, including attributes an ordinary user should
not be able to modify. For instance, a user can change the owner of their
job to run as any non-root user.
- CONDOR-2008-0002
- If a server is using IP-based authentication, in certain configurations the
set of IP addresses that are allowed can be more permissive than expected when
denying IP addresses. This can allow an attacker to perform actions against
the Condor daemon that should not be allowed.
- CONDOR-2008-0003
- User-supplied input to condor_qedit can cause the condor_schedd to crash or
potentially allow the execution of arbitrary code.
- CONDOR-2008-0004
- User-supplied input to condor_qedit can cause the condor_schedd to crash and
not be able to recover.