oss-sec mailing list archives

CVE request: condor < 7.0.4

From: Mark J Cox <mjc () redhat com>
Date: Wed, 30 Jul 2008 10:01:00 +0100 (BST)

Needs CVE name

https://lists.cs.wisc.edu/archive/condor-world/2008q2/msg00003.shtml
leading to:
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html

        This release fixes a problem causing possible incorrect handling of wild
        cards in authorization lists. Examples of the configuration variables that
        specify authorization lists are

          ALLOW_WRITE
          DENY_WRITE
          HOSTALLOW_WRITE
          HOSTDENY_WRITE

        If a configuration variable uses the asterisk character (*) in
        configuration variables that specify the authorization policy, it is
        advisable to upgrade. This is especially true for the use of wild cards in
        any DENY list, since this problem could result in access being allowed,
        when it should have been denied. This issue affects all previous versions
        of Condor.

Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team

Current thread:

CVE request: condor < 7.0.4 Mark J Cox (Jul 30)
- Re: CVE request: condor < 7.0.4 Steven M. Christey (Jul 31)