CONDOR-2012-0002


Summary:

 

Condor installations that rely solely upon host-based authentication are vulnerable to an attacker who controls an IP address and its reverse-DNS entry and has knowledge of the target site's security configuration. With this control and knowledge, the attacker can bypass the target site's host-based authentication and be authorized to perform privileged actions (i.e. actions requiring ALLOW_ADMINISTRATOR or ALLOW_WRITE). Condor deployments whose host-based authentication contains no hostnames (IPs or IP globs only), or that use authentication stronger than host-based, are not vulnerable.

CVE-2012-3416


Component | Vulnerable Versions | Platform | Availability | Fix Available
Condor daemons | all | all | not known to be publicly available | 7.8.2

Status | Access Required | Host Type Required | Effort Required | Impact/Consequences
Verified | any remote user | ability to control DNS | low | high

Fixed Date | Credit
2012-Aug-14 | Ken Hahn, Dan Bradley, Condor team

Access Required:

any person who can control their reverse-DNS records

If an attacker is able to modify their own reverse-DNS records and can connect to the Condor daemon, they may be authorized to perform privileged actions.

Effort Required:

low

To exploit this, an attacker just needs to have knowledge of the configuration of the target Condor daemons.

Impact/Consequences:

high

If an attacker is successfully able to circumvent the authorization, they may perform actions as the Condor administrator (such as turning off Condor) or potentially as other users of the system (such as running a job).

Cause:

unvalidated information

When looking up the hostname for an IP address, Condor does not validate that the DNS name returned actually points back to the IP address claimed.

Proposed Fix:

 

Check the DNS mapping.

Actual Fix:

 

As proposed.
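
The check named under Proposed Fix is usually implemented as a forward-confirmed reverse DNS lookup: the name returned for an IP is accepted only if that name's own address records include the same IP. The sketch below is an added example, not Condor's code or the actual patch; the function names, the hostname and the addresses are constructed for illustration, and the resolvers are passed in so the sample data runs offline.

```python
import ipaddress
import socket

def system_reverse(ip):
    # PTR lookup: the name here is chosen by whoever controls the IP's reverse zone.
    return socket.gethostbyaddr(ip)[0]

def system_forward(hostname):
    # A/AAAA lookup: answered by the owner of the hostname's own zone.
    return [info[4][0] for info in socket.getaddrinfo(hostname, None)]

def verified_hostname(ip, reverse=system_reverse, forward=system_forward):
    """Return the PTR name for ip only if that name resolves back to ip.

    None means "no trustworthy hostname": match host-based rules on the IP only.
    """
    peer = ipaddress.ip_address(ip)
    try:
        name = reverse(ip)
        addrs = forward(name)
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return None
    for addr in addrs:
        try:
            if ipaddress.ip_address(addr.split("%")[0]) == peer:
                return name.rstrip(".").lower()
        except ValueError:
            continue
    return None

# Constructed sample DNS data (documentation IP ranges, hypothetical hostname).
# 203.0.113.5 publishes a PTR record claiming the trusted name; only 192.0.2.10
# appears in that name's forward records.
PTR = {"192.0.2.10": "submit.pool.example.", "203.0.113.5": "submit.pool.example."}
FWD = {"submit.pool.example.": ["192.0.2.10"]}

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def fake_forward(name):
    if name not in FWD:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return FWD[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5", "198.51.100.7"):
        print(ip, "->", verified_hostname(ip, fake_reverse, fake_forward))
```

A peer for which the function returns None should be evaluated against the IP and IP-glob entries of the authorization lists only, never against hostname entries.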