Vulnerability Description
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Condor Project | Condor | <= 7.4.1 |
| Redhat | Enterprise Mrg | 1.0 |
Related Weaknesses (CWE)
References
- http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html
- http://rhn.redhat.com/errata/RHSA-2010-0773.html
- https://bugzilla.redhat.com/show_bug.cgi?id=540545
- https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001
- http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html
- http://rhn.redhat.com/errata/RHSA-2010-0773.html
- https://bugzilla.redhat.com/show_bug.cgi?id=540545
- https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001
FAQ
What is CVE-2009-5136?
CVE-2009-5136 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to caus...
How severe is CVE-2009-5136?
CVE-2009-5136 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-5136?
Check the references section above for vendor advisories and patch information. Affected products include: Condor Project Condor, Redhat Enterprise Mrg.