HTCondor
Overview
Download
Documentation
Release Highlights
Release Schedule

HTCondor-CE
Overview
Download
Documentation
Release Highlights

General
News
Security
Documentation
Download

Documentation
HTCondor
HTCondor-CE

Support
HTCSS Contract Support
Community Mailing List
External Support Organizations

Email Lists
Users / Help
World / Announcements

Workshops
Throughput Computing 2024
Materials from past Workshops

HTCSS
What is HTCSS?
Logos

CHTC
Website ⬏
Staff ⬏
Jobs ⬏
Research & Publications ⬏

CONDOR-2008-0003

Summary:

User supplied input to condor_qedit can cause the condor_schedd to crash or potentially allow the execution of arbitrary code.

Component	Vulnerable Versions	Platform	Availability	Fix Available
condor_schedd	6.8.0 - 6.8.8 7.0.0 - 7.0.4 7.1.0 - 7.1.2	all	not known to be publicly exploited	6.8.9 7.0.5 7.1.3
Status	Access Required	Host Type Required	Effort Required	Impact/Consequences
Verified	local ordinary user with a condor authorization	submission host	medium	medium
Fixed Date	Credit
2008-Oct-07	Matthew Farrellee

Access Required:

local ordinary user with a condor authorization

This vulnerability requires local access on a machine where the user has write authorization to the condor_schedd (i.e., a host and account where the user can submit a job).

Effort Required:

medium

The use of ordinary condor command line tools is all that is required to exploit this vulnerability to cause a crash, running arbitrary code would require an experienced attacker if it is possible.

Impact/Consequences:

medium

The simplest effect of exploiting this vulnerability is a minor denial of service. It may be possible for a skilled attacker to run code as the condor user or root on the machine which would have a high impact.

Full Details:

The administrator of the Condor system can set attributes of the form SCHEDD_ROUND_ATTR_attr_name. These names are used to group attribute values during negotiation. When a new attribute value is inserted by the user when submitting a job or by using condor_qedit, a check is made to see if an attribute name formed by transforming the user supplied attribute name to the form above is present in the configuration of the condor_schedd. By appending the 18 characters to the attribute name (maximum of 1023 characters), the resulting string can overflow an internal buffer that is 1023 bytes long. This can cause the condor_schedd to crash. Although unlikely, a carefully crafted value may allow an attacker to modify the behavior of the program or execute arbitrary code.

This overflow may result in the condor_schedd crashing which is then automatically restarted, resulting in a small period of denial of service. It is possible that a carefully crafted input could result in the execution of arbitrary code.

Cause:

buffer overflow
failure to validate input

This vulnerability is caused by a buffer overflow. The overflow occurs because the length of the source is not verified to be smaller than the destination, and by using the dangerous function strcpy.

Actual Fix:

The vulnerability was fixed by using the function strncpy which truncates the string if it is too large for the buffer.

European HTCondor Workshop: Abstract Submission Open

Mining millions of genomes for the next powerful antibiotic

Collaborations Between Two National Laboratories and the OSG Consortium Propel Nuclear and High-Energy Physics Forward

NOAA funded marine scientist uses OSPool access to high throughput computing to explode her boundaries of research

Addressing the challenges of transferring large datasets with the OSDF

Learning and adapting with OSG: Investigating the strong nuclear force

What is HTCSS?

CONDOR-2008-0003