HTCONDOR-2017-0001


Summary:

 

A user can cause the condor_schedd to crash by submitting a job designed for that purpose. CVE-2017-16816


Component Vulnerable Versions Platform Availability Fix Available
condor_schedd All before 8.6.8 (stable) and 8.7.5 (devel) all not known to be publicly exploited 8.6.8, 8.7.5
Status Access Required Host Type Required Effort Required Impact/Consequences
Verified authorized HTCondor submitter any host low medium
Fixed Date Credit
2017-11-14 Edgar M Fajardo Hernandez
Brian Bockleman
Jaime Frey

Access Required:

authorized HTCondor submitter

This vulnerability requires the attacker to be able to submit a job to a condor_schedd.

Effort Required:

low

Using standard HTCondor binaries, an attacker with knowledge of the nature of this vulnerability and manipulating GSI proxies can cause a denial of service.

Impact/Consequences:

medium

Using a specially crafted proxy, an attacker can cause the condor_schedd to crash, essentially preventing any users from running jobs.

Workaround:

If your site does not use GSI, or if it does use GSI but does not utilize VOMS extensions, you can set "USE_VOMS_ATTRIBUTES = False" in your configuration to avoid the issue entirely.

Full Detials:

If a user submitted a job by authenticating with GSI, or that job carried a GSI certificate using the x509userproxy keyword, it was possible to crash the condor_schedd. Adding VOMS attributes to the proxy, but then setting either the VONAME or FQAN attribute to certificate that would cause HTCondor daemons to crash. This creates a potential denial of service that would prevent all users of HTCondor from submitting jobs.