CVE-2008-3830

Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.

Published: Oct 9, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3830
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
condor_project / condor	6.8.1	6.8.1.x
condor_project / condor	6.8.4	6.8.4.x
condor_project / condor	7.0.0	7.0.0.x
condor_project / condor	-	7.0.4.x
condor_project / condor	6.8.9	6.8.9.x
condor_project / condor	6.8.0	6.8.0.x
condor_project / condor	6.8.6	6.8.6.x
condor_project / condor	6.8.7	6.8.7.x
condor_project / condor	6.8.3	6.8.3.x
condor_project / condor	7.0.1	7.0.1.x
condor_project / condor	7.0.2	7.0.2.x
condor_project / condor	7.0.3	7.0.3.x
condor_project / condor	6.8.5	6.8.5.x
condor_project / condor	6.8.8	6.8.8.x
condor_project / condor	6.8.2	6.8.2.x

http://secunia.com/advisories/32189
http://secunia.com/advisories/32193
http://secunia.com/advisories/32232
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000
http://www.redhat.com/support/errata/RHSA-2008-0911.html
http://www.redhat.com/support/errata/RHSA-2008-0924.html
http://www.securityfocus.com/bid/31621
http://www.securitytracker.com/id?1021002
http://www.vupen.com/english/advisories/2008/2760
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html

Vulnerability Database

289,782

CVE-2008-3830