Impact: Important
Public Date: 2015-01-12
CWE: CWE-78
Bugzilla: 1169800: CVE-2014-8126 condor: mailx invocation enables code execution as condor user

The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user.

Find out more about CVE-2014-8126 from the MITRE CVE dictionary and NIST NVD.

Base Score | 8.5 |
---|---|
Base Metrics | AV:N/AC:L/Au:S/C:C/I:C/A:N |
Access Vector | Network |
Access Complexity | Low |
Authentication | Single |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | None |

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Platform | Errata | Release Date |
---|---|---|
MRG Grid for RHEL 5 Server v.2 (condor) | RHSA-2015:0036 | 2015-01-12 |
Red Hat MRG Grid Execute Node for RHEL 6 ComputeNode v.2 (condor) | RHSA-2015:0035 | 2015-01-12 |
Red Hat MRG Grid for RHEL 6 Server v.2 (condor) | RHSA-2015:0035 | 2015-01-12 |