HTCondor
Overview
Download
Documentation
Release Highlights
Release Schedule

HTCondor-CE
Overview
Download
Documentation
Release Highlights

General
News
Security
Documentation
Download

Documentation
HTCondor
HTCondor-CE

Support
HTCSS Contract Support
Community Mailing List
External Support Organizations

Email Lists
Users / Help
World / Announcements

Workshops
Throughput Computing 2024
Materials from past Workshops

HTCSS
What is HTCSS?
Logos

CHTC
Website ⬏
Staff ⬏
Jobs ⬏
Research & Publications ⬏

CONDOR-2008-0004

Summary:

User supplied input to condor_qedit can cause the condor_schedd to crash and not be able to recover.

Component	Vulnerable Versions	Platform	Availability	Fix Available
condor_schedd	6.8.0 - 6.8.8 7.0.0 - 7.0.4 7.1.0 - 7.1.2	all	not known to be publicly exploited	6.8.9 7.0.5 7.1.3
Status	Access Required	Host Type Required	Effort Required	Impact/Consequences
Verified	local ordinary user with a condor authorization	submission host	medium	medium
Fixed Date	Credit
2008-Oct-07	Matthew Farrellee

Access Required:

local ordinary user with a condor authorization

This vulnerability requires local access on a machine where the user has write authorization to the condor_schedd (i.e., a host and account where the user can submit a job).

Effort Required:

medium

The use of ordinary condor command line tools is all that is required in the first step of this vulnerability. A successful attack would then need the condor_schedd to restart which would require administrative privilege or another vulnerability.

Impact/Consequences:

medium

The effect of exploiting this vulnerability is that the condor_schedd will not be able to recover from a crash or restart without manual intervention.

Full Details:

A user can use condor_qedit to insert an attribute that does not have any value. This is illegal. The code creates an invalid log entry representing this value to the log before detecting that it is illegal. When the log is compressed, the log file is replaced and the new log will not contain the illegal record. Newer versions of Condor perform log compression as part of a clean shutdown which then requires a crash to exploit this vulnerability.

When the job queue log file is read upon restart recovery the illegal value is detected and the condor_schedd is aborted. This will occur each time the condor_schedd is restarted (by a condor_schedd crash, such as CONDOR-2008-0003, or waiting for routine maintenance) until the offending log record is removed the from the log file by hand.

For instance the command


      condor_qedit 1.0 BAD_ATTR ''

will write the following log record to job queue log (spool/job_queue.log):


      103 1.0 BAD_ATTR

Cause:

injection
denial of service
failure to validate input

This vulnerability is caused by a user being able to inject an invalid log record into the job queue log. When this record is later read the system deals with the invalid record by aborting.

Actual Fix:

When an attribute value is encountered where the value is the empty string, the value is replaced with the string UNDEFINED. This represents the undefined value in the classad language and is an appropriate choice to replace the invalid empty value.

European HTCondor Workshop: Abstract Submission Open

Mining millions of genomes for the next powerful antibiotic

Collaborations Between Two National Laboratories and the OSG Consortium Propel Nuclear and High-Energy Physics Forward

NOAA funded marine scientist uses OSPool access to high throughput computing to explode her boundaries of research

Addressing the challenges of transferring large datasets with the OSDF

Learning and adapting with OSG: Investigating the strong nuclear force

What is HTCSS?

CONDOR-2008-0004