CVE-2011-4930

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.

Published: Feb 10, 2014
Updated: Nov 9, 2025
CVE: CVE-2011-4930
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
condor_project / condor	7.6.1	7.6.1.x
condor_project / condor	7.2.3	7.2.3.x
fedoraproject / fedora	16	16.x
condor_project / condor	7.5.4	7.5.4.x
condor_project / condor	7.6.3	7.6.3.x
condor_project / condor	7.6.0	7.6.0.x
condor_project / condor	7.3.2	7.3.2.x
condor_project / condor	7.2.1	7.2.1.x
condor_project / condor	7.2.0	7.2.0.x
condor_project / condor	7.4.1	7.4.1.x
condor_project / condor	7.3.0	7.3.0.x
condor_project / condor	7.4.2	7.4.2.x
condor_project / condor	7.2.2	7.2.2.x
condor_project / condor	7.6.4	7.6.4.x
condor_project / condor	7.6.2	7.6.2.x
fedoraproject / fedora	15	15.x
condor_project / condor	7.2.5	7.2.5.x
condor_project / condor	7.4.0	7.4.0.x
condor_project / condor	7.3.1	7.3.1.x
condor_project / condor	7.2.4	7.2.4.x
redhat / enterprise_mrg	1.3	1.3.x
redhat / enterprise_mrg	2.0	2.0.x

Vulnerability Database

316,659

CVE-2011-4930

Deep Security Visibility Without the Complexity