oss-sec mailing list archives
CVE request: condor < 7.0.4
From: Mark J Cox <mjc () redhat com>
Date: Wed, 30 Jul 2008 10:01:00 +0100 (BST)
Needs CVE name https://lists.cs.wisc.edu/archive/condor-world/2008q2/msg00003.shtml leading to: http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html This release fixes a problem causing possible incorrect handling of wild cards in authorization lists. Examples of the configuration variables that specify authorization lists are ALLOW_WRITE DENY_WRITE HOSTALLOW_WRITE HOSTDENY_WRITE If a configuration variable uses the asterisk character (*) in configuration variables that specify the authorization policy, it is advisable to upgrade. This is especially true for the use of wild cards in any DENY list, since this problem could result in access being allowed, when it should have been denied. This issue affects all previous versions of Condor. Thanks, Mark -- Mark J Cox / Red Hat Security Response Team
Current thread:
- CVE request: condor < 7.0.4 Mark J Cox (Jul 30)
- Re: CVE request: condor < 7.0.4 Steven M. Christey (Jul 31)