Skip to navigation

Security Advisory Important: condor security update

Advisory: RHSA-2012:1169-1
Type: Security Advisory
Severity: Important
Issued on: 2012-08-14
Last updated on: 2012-08-14
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)
CVEs (cve.mitre.org): CVE-2012-3416

Details

Updated condor packages that fix one security issue are now available for
Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Condor is a specialized workload management system for compute-intensive
jobs. It provides a job queuing mechanism, scheduling policy, priority
scheme, and resource monitoring and management.

Condor installations that rely solely upon host-based authentication were
vulnerable to an attacker who controls an IP, its reverse-DNS entry and has
knowledge of a target site's security configuration. With this control and
knowledge, the attacker could bypass the target site's host-based
authentication and be authorized to perform privileged actions (i.e.
actions requiring ALLOW_ADMINISTRATOR or ALLOW_WRITE). Condor deployments
using host-based authentication that contain no hostnames (IPs or IP globs
only) or use authentication stronger than host-based are not vulnerable.
(CVE-2012-3416)

Note: Condor will not run jobs as root; therefore, this flaw cannot lead to
a compromise of the root user account.

Red Hat would like to thank Ken Hahn and Dan Bradley for reporting this
issue.

All Red Hat Enterprise MRG 2.1 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Condor must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
condor-7.6.5-0.14.2.el6_3.src.rpm
File outdated by:  RHSA-2013:1294
    MD5: 9836c348c97af82b866628f20f78b2ca
SHA-256: 6259faacdaeb53bc1ececa6b9a5fb322480a7eafaef5ccd9194a4b0cf1e83838
 
IA-32:
condor-7.6.5-0.14.2.el6_3.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: c43bc8072ead847e4655375032696b0b
SHA-256: 0825214c3092127da91c65a8c99e532c62970a58bfa6f453bca8ee381bdc6711
condor-aviary-7.6.5-0.14.2.el6_3.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: b74454cac9df515182c01c95008298d6
SHA-256: eac30ece9c11b6d1074e8ce3c634b0523c2ad085919b7ed544786925d3530ccf
condor-classads-7.6.5-0.14.2.el6_3.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: 51fdd26c1bf08b808bdf626e4aafd6c3
SHA-256: 8ec3953b1a861d1664b3adddacc5d44b4f1360b7b0c21cb5040d97ac0969e37b
condor-debuginfo-7.6.5-0.14.2.el6_3.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: 5261471894026afb68ca96c0061f1276
SHA-256: 0474ba65502d91aae48b75c81affe8c9f9715c8c4311d80823d3ae852bedae36
condor-kbdd-7.6.5-0.14.2.el6_3.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: 3c0e9f895ed747a157be75b147817471
SHA-256: 9730c40d27e82d98edb151d019d9ba79e843e7869770a20ba132a2139da1d73a
condor-plumage-7.6.5-0.14.2.el6_3.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: c3a68e26d37df51cc6bcc344d20943d9
SHA-256: 75611d8832a78313ba9034931e221ff1b0b5b926f6d9b0a69dfe93e9056fbe8e
condor-qmf-7.6.5-0.14.2.el6_3.i686.rpm
File outdated by:  RHSA-2013:1294
    MD5: 9075e5934a1e135a07da66ee8332d289
SHA-256: db7e0c05521f328a49a26322083f101938d2f96257fa88e7fcb457c0e6b6cfc3
 
x86_64:
condor-7.6.5-0.14.2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: bb6ccc3228c1e1f436b608b4beeaa223
SHA-256: 9e1ae4cd07cb299acd92d12ea5f14592bb98b749499dbf68441a936555afb7c3
condor-aviary-7.6.5-0.14.2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 5c7820316bc393322f5241a4d0985655
SHA-256: abdc1e35d07a3e6d9124563cf3119a5d5d5acd0dccdb4cad09b04492dca6bc9b
condor-classads-7.6.5-0.14.2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: b892caf8b7eb188e8cd19fe91666f085
SHA-256: 82cdbc1450bcd13fc56374869b790c4bd9cb8c588acbe8e6cb938bfaa6f8cfae
condor-debuginfo-7.6.5-0.14.2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: fa41a167191a1efe00df58d536f7d8d2
SHA-256: 646eff896497a4d5e0c100149491e780b9b4f6a03607988f08feedc77ec91b54
condor-deltacloud-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 995e019de903c62abb85783dde78763e
SHA-256: 0772b92fdbfef7631021a70d92ba893afc2531997bdd711add2f5b4951123cf1
condor-kbdd-7.6.5-0.14.2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 4a305b11f9847f2813888e34bd9b4298
SHA-256: 51bc775f11d6f0f8287a77a3757caee51bbc36568d51587ca0c3927a80fbca34
condor-plumage-7.6.5-0.14.2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: 5aa72cc8f12b967393cc64aff867108d
SHA-256: 46943aa376eb8eefd36c6d6222fd526546146ad308a24f0e713e89f06a9b51aa
condor-qmf-7.6.5-0.14.2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: d7ef9bef2e819b4db1248367e1489d52
SHA-256: 83df68e863b393343e258a549f22467d74f223a25599703432e847b5ca7404a6
condor-vm-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:1294
    MD5: efd740f458e5393dd0a2a4dc9eee34dd
SHA-256: 12f13d9401948ffdc1eb10f70791b76a0648f0c25d02352591908e9fc9bdda83
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

841175 - CVE-2012-3416 condor: host based authentication does not implement forward-confirmed reverse dns


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/