Skip to navigation

Security Advisory Moderate: Red Hat Enterprise MRG Grid 2.2 security update

Advisory: RHSA-2012:1278-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-09-19
Last updated on: 2012-09-19
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5)
CVEs (cve.mitre.org): CVE-2012-2680
CVE-2012-2681
CVE-2012-2683
CVE-2012-2684
CVE-2012-2685
CVE-2012-2734
CVE-2012-2735
CVE-2012-3459
CVE-2012-3491
CVE-2012-3492
CVE-2012-3493

Details

Updated Grid component packages that fix several security issues, add
various enhancements and fix multiple bugs are now available for Red Hat
Enterprise MRG 2 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

A number of unprotected resources (web pages, export functionality, image
viewing) were found in Cumin. An unauthenticated user could bypass intended
access restrictions, resulting in information disclosure. (CVE-2012-2680)

Cumin could generate weak session keys, potentially allowing remote
attackers to predict session keys and obtain unauthorized access to Cumin.
(CVE-2012-2681)

Multiple cross-site scripting flaws in Cumin could allow remote attackers
to inject arbitrary web script on a web page displayed by Cumin.
(CVE-2012-2683)

An SQL injection flaw in Cumin could allow remote attackers to manipulate
the contents of the back-end database via a specially-crafted URL.
(CVE-2012-2684)

When Cumin handled image requests, clients could request images of
arbitrary sizes. This could result in large memory allocations on the Cumin
server, leading to an out-of-memory condition. (CVE-2012-2685)

Cumin did not protect against Cross-Site Request Forgery attacks. If an
attacker could trick a user, who was logged into the Cumin web interface,
into visiting a specially-crafted web page, it could lead to unauthorized
command execution in the Cumin web interface with the privileges of the
logged-in user. (CVE-2012-2734)

A session fixation flaw was found in Cumin. An authenticated user able to
pre-set the Cumin session cookie in a victim's browser could possibly use
this flaw to steal the victim's session after they log into Cumin.
(CVE-2012-2735)

It was found that authenticated users could send a specially-crafted HTTP
POST request to Cumin that would cause it to submit a job attribute change
to Condor. This could be used to change internal Condor attributes,
including the Owner attribute, which could allow Cumin users to elevate
their privileges. (CVE-2012-3459)

It was discovered that Condor's file system authentication challenge
accepted directories with weak permissions (for example, world readable,
writable and executable permissions). If a user created a directory with
such permissions, a local attacker could rename it, allowing them to
execute jobs with the privileges of the victim user. (CVE-2012-3492)

It was discovered that Condor exposed private information in the data in
the ClassAds format served by condor_startd. An unauthenticated user able
to connect to condor_startd's port could request a ClassAd for a running
job, provided they could guess or brute-force the PID of the job. This
could expose the ClaimId which, if obtained, could be used to control the
job as well as start new jobs on the system. (CVE-2012-3493)

It was discovered that the ability to abort a job in Condor only required
WRITE authorization, instead of a combination of WRITE authorization and
job ownership. This could allow an authenticated attacker to bypass
intended restrictions and abort any idle job on the system. (CVE-2012-3491)

The above issues were discovered by Florian Weimer of the Red Hat Product
Security Team.

This update also provides defense in depth patches for Condor. (BZ#848212,
BZ#835592, BZ#841173, BZ#843476)

These updated packages for Red Hat Enterprise Linux 5 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some highlights
include:

* Integration with Red Hat Enterprise Virtualization Manager via Deltacloud
* Role enforcement in Cumin
* Cumin authentication integration with LDAP
* Enhanced Red Hat HA integration managing multiple-schedulers nodes
* Generic local resource limits for partitionable slots
* Concurrency limit groups

Space precludes documenting all of these changes in this advisory. Refer to
the Red Hat Enterprise MRG 2 Technical Notes document, linked to in the
References section, for information on these changes.


Solution

All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised
to upgrade to these updated packages, which resolve the issues and add the
enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor
and Cumin must be restarted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5)

SRPMS:
condor-7.6.5-0.22.el5.src.rpm
File outdated by:  RHSA-2013:1295
    MD5: d904827a47fa0f28f756394848e5e5b5
SHA-256: 5cfccc6f8811288c29b35ffa634b0ebda38ac6d7e1e1da4890ed45841198b600
condor-wallaby-4.1.3-1.el5.src.rpm
File outdated by:  RHSA-2013:0564
    MD5: 2f28de62882707702250dccd9a428d48
SHA-256: 965fe2511982a7d012847eae29e5d4af433d115b07522aaa0c6c200cee7b7445
condor-wallaby-base-db-1.23-1.el5.src.rpm
File outdated by:  RHSA-2013:0564
    MD5: c3d31ea1d963d823ce7b8c5198bc0948
SHA-256: 202a27e842c769cec3e241679d5f2c5903b92979ebd0fd2d3c7221d877e65c53
cumin-0.1.5444-3.el5.src.rpm
File outdated by:  RHSA-2013:1851
    MD5: f4dd0e4460fbade31bd0158876e3060e
SHA-256: 280ee0e3cabf0ad6aff89d9a180745383f0e436f62c55317abe7c29b8f7b5818
sesame-1.0-4.el5.src.rpm
File outdated by:  RHSA-2013:0564
    MD5: a8a365aca2ef6d011740b0db1d0ea53b
SHA-256: a4d16df2ebbddc9c4e5fef843fcf5ae687751b8936fd2a5caef2bc7055b49aa0
wallaby-0.12.5-10.el5.src.rpm
File outdated by:  RHSA-2013:0564
    MD5: 251c48657a9ff40cd51d8af7d1f4643c
SHA-256: 548e1d7b1b6d2522e6473e207b7614c36a7e7f4c25cbd75618c4537b7c65b56e
 
IA-32:
condor-7.6.5-0.22.el5.i386.rpm
File outdated by:  RHSA-2013:1295
    MD5: e6097c73f192912299266bfcf2adb84e
SHA-256: 893da53af25ab4f239d9213ce2739c7146694ca8e851ecbee48f28a635d36496
condor-aviary-7.6.5-0.22.el5.i386.rpm
File outdated by:  RHSA-2013:1295
    MD5: 520bc7c7adf1b218c6b7d3fcb6215559
SHA-256: 912932e2eb79c7a61252f35eaf67368e1a43b44e3f6299c92420c6f0c23a34c5
condor-classads-7.6.5-0.22.el5.i386.rpm
File outdated by:  RHSA-2013:1295
    MD5: 8abb5b8151c45ae9675f02b82eadc34a
SHA-256: 87f593c15db84756b23bbc54d400e30c022df5040aa7e85087317339b6bdc019
condor-kbdd-7.6.5-0.22.el5.i386.rpm
File outdated by:  RHSA-2013:1295
    MD5: fdec8859858920eaaeb45122d1582fe2
SHA-256: d95ef81a0bed832915276fd035f60c536e133b67894d4191746800f1a37dd7df
condor-qmf-7.6.5-0.22.el5.i386.rpm
File outdated by:  RHSA-2013:1295
    MD5: a45823485301bd2ff790eb9944736ea9
SHA-256: 1ec0d592ed5c98d559755fa3b3b5eaa7456d5158f22ea14eedeefea8e6c24af3
condor-vm-gahp-7.6.5-0.22.el5.i386.rpm
File outdated by:  RHSA-2013:1295
    MD5: c01255f76088a0597fd7a4d92a4eb1cd
SHA-256: 405b2816aa867e5375177ab5e65bb7266e0e97fb940632255966f3a936af43d9
condor-wallaby-base-db-1.23-1.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 777f538cca5b9665336eef85377a67b1
SHA-256: 17ff08798d17862b1ebedf5bb1a5bf1b72adb94fbb55705fd889d163c5c85ddb
condor-wallaby-client-4.1.3-1.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 5a02099084a831e102cba68061af995c
SHA-256: 67994805e4df48951206f25433e1f409127113cd1d047bdb90ef04d973f58911
condor-wallaby-tools-4.1.3-1.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: fc32866282608f713485115d6a84ce37
SHA-256: c24412770767957c5501c6a765511bbb4f353d4562195042a8ae2a7b989b46a1
cumin-0.1.5444-3.el5.noarch.rpm
File outdated by:  RHSA-2013:1851
    MD5: 1569c07a4e08742f870eda9eb0dff8b7
SHA-256: 8c7b20d4f42e654eb97e34a945b8c29a44075289376484c4e0b909a4a28f044c
python-wallaby-0.12.5-10.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 2c859dd1a6ccc24a684115148c5426b2
SHA-256: 32d6c7f58ebc792de7056c594588b4b47104926ce3cbca7b6fbe6dd731b4f95e
python-wallabyclient-4.1.3-1.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 2e6ca56d0fe3f5d368ee6ef2b919ab15
SHA-256: 840417819f617319649d5a57bdbda005d7167bd28b8a97e7d61673d9cf81fa79
ruby-wallaby-0.12.5-10.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: e0c8a9c7d3c3fb79c9c99ff05c3659d2
SHA-256: 0717d13e6d563120feb3ca86590bf23479556858ba283c76087cdd885d4fd4ad
sesame-1.0-4.el5.i386.rpm
File outdated by:  RHSA-2013:0564
    MD5: 2b60cf736a8359614bbd21f43ea59baa
SHA-256: 02d12abea79bb54929d44f62e5920928b10909cbd538e939c28e0739bc365356
wallaby-0.12.5-10.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 3514972b5f6408925b5c0075cb1d4cd4
SHA-256: d00b6be252d91a88503b65c9cf7389684ce3407d9b53efa12f09e2d622f3b9de
wallaby-utils-0.12.5-10.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 9cccfa23420cd0b9898d3c7118b3d5a6
SHA-256: 419e3ad51769d75d258bd1ff6e8656bf2342355fbd543013850718fe4622f2be
 
x86_64:
condor-7.6.5-0.22.el5.x86_64.rpm
File outdated by:  RHSA-2013:1295
    MD5: 14cd0b613c763d14151daf9773cc0e56
SHA-256: 2ef2a5ba946cf0cc7e9f2dadb2164dac22877573cc24560354baefad7f8971fb
condor-aviary-7.6.5-0.22.el5.x86_64.rpm
File outdated by:  RHSA-2013:1295
    MD5: 61fe5fd2da15c7de49604315b6202317
SHA-256: f62ea64b2e44ffef991eb598c694e17da3afc69d5a653dc53143c829b80f33c3
condor-classads-7.6.5-0.22.el5.x86_64.rpm
File outdated by:  RHSA-2013:1295
    MD5: 8de5d7139ec4ce71ea1b67972ef606f5
SHA-256: 5caba0f887358a61589c14b9505e1ca8aee618ed866c30b7cb03635e9fb72ecd
condor-kbdd-7.6.5-0.22.el5.x86_64.rpm
File outdated by:  RHSA-2013:1295
    MD5: 1b03c23ec4f30618580ad18e82b691cf
SHA-256: 90f8b066a30a2c3c13ffb2d61382bfef9e997747dcf1a96da6ab691ae69e6737
condor-qmf-7.6.5-0.22.el5.x86_64.rpm
File outdated by:  RHSA-2013:1295
    MD5: a6b493de26eeba0d4cf659baeb0f8620
SHA-256: 83d934d78db71b18ac57b873a69d4ec718b43f5255b68f3ce608b60e34c65d22
condor-vm-gahp-7.6.5-0.22.el5.x86_64.rpm
File outdated by:  RHSA-2013:1295
    MD5: a122f8b073a70b587d5f2cb12f4cae35
SHA-256: fc44cc3cd4841df48ac492e96ed684f5f7ac39e03855d113bfecd7fa605b7555
condor-wallaby-base-db-1.23-1.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 777f538cca5b9665336eef85377a67b1
SHA-256: 17ff08798d17862b1ebedf5bb1a5bf1b72adb94fbb55705fd889d163c5c85ddb
condor-wallaby-client-4.1.3-1.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 5a02099084a831e102cba68061af995c
SHA-256: 67994805e4df48951206f25433e1f409127113cd1d047bdb90ef04d973f58911
condor-wallaby-tools-4.1.3-1.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: fc32866282608f713485115d6a84ce37
SHA-256: c24412770767957c5501c6a765511bbb4f353d4562195042a8ae2a7b989b46a1
cumin-0.1.5444-3.el5.noarch.rpm
File outdated by:  RHSA-2013:1851
    MD5: 1569c07a4e08742f870eda9eb0dff8b7
SHA-256: 8c7b20d4f42e654eb97e34a945b8c29a44075289376484c4e0b909a4a28f044c
python-wallaby-0.12.5-10.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 2c859dd1a6ccc24a684115148c5426b2
SHA-256: 32d6c7f58ebc792de7056c594588b4b47104926ce3cbca7b6fbe6dd731b4f95e
python-wallabyclient-4.1.3-1.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 2e6ca56d0fe3f5d368ee6ef2b919ab15
SHA-256: 840417819f617319649d5a57bdbda005d7167bd28b8a97e7d61673d9cf81fa79
ruby-wallaby-0.12.5-10.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: e0c8a9c7d3c3fb79c9c99ff05c3659d2
SHA-256: 0717d13e6d563120feb3ca86590bf23479556858ba283c76087cdd885d4fd4ad
sesame-1.0-4.el5.x86_64.rpm
File outdated by:  RHSA-2013:0564
    MD5: 3f577d268e2b52f6d254ceba39653cf8
SHA-256: d0ca58e3144001e7cccc4163c22fe61a10ba9d76481e991b82e45c380d1ae1c2
wallaby-0.12.5-10.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 3514972b5f6408925b5c0075cb1d4cd4
SHA-256: d00b6be252d91a88503b65c9cf7389684ce3407d9b53efa12f09e2d622f3b9de
wallaby-utils-0.12.5-10.el5.noarch.rpm
File outdated by:  RHSA-2013:0564
    MD5: 9cccfa23420cd0b9898d3c7118b3d5a6
SHA-256: 419e3ad51769d75d258bd1ff6e8656bf2342355fbd543013850718fe4622f2be
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

721110 - RFE: Concurrency limit default grouping
748507 - Wallaby provides DAEMON_LIST = >=MASTER -> condor_master failed to startup
769573 - Role enforcement in Cumin
794660 - Partitionable slots can create more dynamic slots than CPUs
799838 - Jobs in IDLE or RUNNING state aren't visible via aviary API after HISTORY_INTERVAL period.
806071 - Update Job/Query Server definition
806079 - Add VM_NETWORKING_BRIDGE_INTERFACE
807738 - DAEMON_LIST should not be needs_restart
810519 - Wrong deltacloud hold jobs are not removed
812126 - Do not accept configuration of *.PLUGINS outside of wallaby
827558 - CVE-2012-2681 cumin: weak session keys
829421 - CVE-2012-2680 cumin: authentication bypass flaws
830243 - CVE-2012-2683 cumin: multiple XSS flaws
830245 - CVE-2012-2684 cumin: SQL injection flaw
830248 - CVE-2012-2685 cumin: DoS via large image requests
832124 - CVE-2012-2734 cumin: CSRF flaw
832151 - CVE-2012-2735 cumin: session fixation flaw
846501 - CVE-2012-3459 cumin: allows for editing internal Condor job attributes
848212 - CVE-2012-3490 condor: does not check return value of setuid and similar calls, exploitable via VMware support
848214 - CVE-2012-3491 condor: local users can abort any idle jobs
848218 - CVE-2012-3492 condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass
848222 - CVE-2012-3493 condor: GIVE_REQUEST_AD leaks privileged ClaimId information
852321 - Missing SPOOL settings in HAScheduler feature


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/