Published: 09/01/2020 Updated: 07/11/2023

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x prior to 7.6.10 and 7.8.x prior to 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote malicious users to gain privileges via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wisc htcondor

Debian Bug report logs - #688210 condor: Multiple security issues Package: condor; Maintainer for condor is HTCondor Developers <condor-debian@cswiscedu>; Source for condor is src:condor (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 20 Sep 2012 10:57:01 UTC Severity: grave Tags: ...

Synopsis Moderate: Red Hat Enterprise MRG Grid 22 security update Type/Severity Security Advisory: Moderate Topic Updated Grid component packages that fix several security issues, addvarious enhancements and fix multiple bugs are now available for Red HatEnterprise MRG 2 for Red Hat Enterprise Linux 5The ...

Synopsis Moderate: Red Hat Enterprise MRG Grid 22 security update Type/Severity Security Advisory: Moderate Topic Updated Grid component packages that fix several security issues, addvarious enhancements and fix multiple bugs are now available for Red HatEnterprise MRG 2 for Red Hat Enterprise Linux 6The ...

NVD-CWE-noinfo http://www.openwall.com/lists/oss-security/2012/09/20/9 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3490 http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html http://condor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=94e84ce4 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210 https://nvd.nist.gov

CVE-2012-3490

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect