HTCondor
Overview
Download
Documentation
Release Highlights
Release Schedule

HTCondor-CE
Overview
Download
Documentation
Release Highlights

General
News
Security
Documentation
Download

Documentation
HTCondor
HTCondor-CE

Support
HTCSS Contract Support
Community Mailing List
External Support Organizations

Email Lists
Users / Help
World / Announcements

Workshops
Throughput Computing 2024
Materials from past Workshops

HTCSS
What is HTCSS?
Logos

CHTC
Website ⬏
Staff ⬏
Jobs ⬏
Research & Publications ⬏

CONDOR-2012-0001

Summary:

A malicious user can crash the condor_schedd, causing a denial of service to other submitters. CVE-2011-4930

Component	Vulnerable Versions	Platform	Availability	Fix Available
condor_schedd	7.2.0 - 7.6.4	all	not known to be publicly available	7.6.5
Status	Access Required	Host Type Required	Effort Required	Impact/Consequences
Verified	any person who can submit condor jobs		low	medium
Fixed Date	Credit
2011-Nov-23	Dan Bradley Condor team

Access Required:

any person who can submit condor jobs

The vulnerability requires the user to be able to submit jobs to Condor.

Effort Required:

low

To exploit this, an attacker just needs to be able to submit a malicious job to a Condor system, and subsequently place the job on hold.

Impact/Consequences:

medium

If an attacker is successfully able to submit a malicious job, they can cause the condor_schedd to crash by placing the job on hold and providing an appropriate string as the reason. Causing the condor_schedd to crash affects other users of the same system, thus causing this to be a Denial Of Service attack.

Full Details:

Condor is a batch system used for submitting and executing jobs and is often is run as a service for multiple users. One malicious user can, using this security flaw, deny access to other users of the same system by repeatedly crashing the condor_schedd.

To do so a user must submit a job that uses an XML user log, and then place the job on hold specifying a reason on the command line that contains printf-style formatting characters such as "%n".

Cause:

injection

When writing the hold reason to the log, an improperly coded printf statement allows the end user to specify a string that is interpreted as a format string.

Proposed Fix:

Use the "%s" format specifier for printf. This code was added in commit [28429]

Actual Fix:

As proposed.

European HTCondor Workshop: Abstract Submission Open

Mining millions of genomes for the next powerful antibiotic

Collaborations Between Two National Laboratories and the OSG Consortium Propel Nuclear and High-Energy Physics Forward

NOAA funded marine scientist uses OSPool access to high throughput computing to explode her boundaries of research

Addressing the challenges of transferring large datasets with the OSDF

Learning and adapting with OSG: Investigating the strong nuclear force

What is HTCSS?

CONDOR-2012-0001