HTCONDOR-2020-0002

Summary:
A piece of secret information is sent over the network in the clear if the administrator has not enabled daemon-to-daemon encryption. For pools configured without daemon-to-daemon encryption, an attacker could use this secret information to control the slot of another user, including running their own code as that user. CVE-2019-18823
Access Required:
Be able to capture network traffic between a condor_schedd and a condor_startd. The condor_config settings must also be configured with no daemon-to-daemon encryption (the default) and match password authentication enabled (the default) to be vulnerable.
Effort Required: high
A thorough understanding of the HTCondor code and the ability to write custom tools is required to exploit this vulnerability. If authentication has been set up for the pool and match password authentication is disabled, the attacker would also need to gain access to the condor credentials. If encryption has also been set up for the pool, you are not vulnerable.
Impact/Consequences: high
Using the secret information, an attacker could manipulate another user's running job, including evicting that job or replacing it with one that executes the attacker's own code. This could possibly allow the attacker to gain access to the user's job data files, which may contain sensitive information. Pools that are not configured to use daemon-to-daemon authentication, or that have match password authentication enabled (the default), and that are also not using daemon-to-daemon encryption are vulnerable.
Workaround:
Depending on your site configuration, the workaround for this issue may be quite complicated and involve setting up authentication mechanisms that were not previously configured. We highly recommend upgrading to the latest version if at all possible, in which case you do not need to work around the issue, as the new binaries are no longer vulnerable to it.

To work around this issue, the administrator will first need to make sure that all daemon-to-daemon communication is authenticated. How this works varies significantly depending on your site configuration. Please consult the HowTo here: https://htcondor-wiki.cs.wisc.edu/index.cgi/wiki?p=EnablingAuthenticationCveTwo

After enabling authentication, the administrator can then do one of two things:

After installing updated binaries or working around the issue, you should restart HTCondor.
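As an added illustration that is not part of the advisory, the condor_config fragment below places the vulnerable default (daemon traffic neither authenticated nor encrypted) beside the hardened setting the workaround calls for. The knob names are HTCondor's standard SEC_DAEMON_* security settings and the password file path is a typical location; both are assumptions of this example, not values quoted from the advisory.

```ini
# Added example, not text from HTCONDOR-2020-0002. Knob names are HTCondor's
# standard SEC_DAEMON_* settings (assumed here, not quoted from the advisory).

# --- Weak: the defaults the advisory describes as vulnerable ---
# OPTIONAL lets a daemon-to-daemon session fall back to a plaintext,
# unauthenticated connection, so the secret crosses the network in the clear.
#SEC_DAEMON_AUTHENTICATION = OPTIONAL
#SEC_DAEMON_ENCRYPTION     = OPTIONAL

# --- Hardened: what the workaround requires ---
# Step 1 (required first by the advisory): every daemon-to-daemon
# connection must authenticate. FS only works on the same host, so the
# pool password method is listed for connections between machines.
SEC_DAEMON_AUTHENTICATION         = REQUIRED
SEC_DAEMON_AUTHENTICATION_METHODS = FS, PASSWORD
SEC_PASSWORD_FILE                 = /etc/condor/pool_password   # assumed path

# Step 2: encrypt and integrity-protect daemon traffic so that captured
# packets between the condor_schedd and condor_startd reveal nothing.
SEC_DAEMON_INTEGRITY  = REQUIRED
SEC_DAEMON_ENCRYPTION = REQUIRED
```

After changing these settings, restart HTCondor as the advisory says and confirm the effective value with condor_config_val SEC_DAEMON_ENCRYPTION on each daemon host.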
Full Details:
Embargoed until future notice. |