CVE-2012-5390

The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.

Published: Jun 6, 2014
Updated: Apr 13, 2023
CVE: CVE-2012-5390
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
condor_project / condor	7.9.0	7.9.0.x
condor_project / condor	7.8.4	7.8.4.x
condor_project / condor	7.8.3	7.8.3.x
condor_project / condor	7.8.1	7.8.1.x
condor_project / condor	7.8.0	7.8.0.x
condor_project / condor	7.8.2	7.8.2.x
condor_project / condor	7.7.3	7.7.3.x
condor_project / condor	7.7.6	7.7.6.x
condor_project / condor	7.7.5	7.7.5.x
condor_project / condor	7.7.4	7.7.4.x

http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html
http://secunia.com/advisories/51862
http://www.securityfocus.com/bid/57328

Vulnerability Database

289,697

CVE-2012-5390