Information Leakage and Arbitrary Job Control Vulnerability in condor_startd

Information Leakage and Arbitrary Job Control Vulnerability in condor_startd

CVE-2012-3493 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.

Learn more about our Web Application Penetration Testing UK.