A user can cause the condor_schedd to crash by submitting a job designed for that purpose.

CVE-2017-16816

Component: condor_schedd
Vulnerable Versions: All before 8.6.8 (stable) and 8.7.5 (devel)
Platform: all
Availability: not known to be publicly exploited
Fix Available: 8.6.8, 8.7.5

Status: Verified
Access Required: authorized HTCondor submitter
Host Type Required: any host
Effort Required: low
Impact/Consequences: medium

Fixed Date: 2017-11-14
Credit: Edgar M Fajardo Hernandez, Brian Bockleman, Jaime Frey

Access Required:

authorized HTCondor submitter

This vulnerability requires the attacker to be able to submit a job to a condor_schedd.

Effort Required:

low

Using standard HTCondor binaries, an attacker who knows the nature of this vulnerability and manipulates GSI proxies can cause a denial of service.

Impact/Consequences:

medium

Using a specially crafted proxy, an attacker can cause the condor_schedd to crash, essentially preventing any users from running jobs.


If your site does not use GSI, or if it does use GSI but does not utilize VOMS extensions, you can set "USE_VOMS_ATTRIBUTES = False" in your configuration to avoid the issue entirely.
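
The following check is an added example, not code from the HTCondor project: it classifies a schedd host as fixed, mitigated or vulnerable from the version bounds and the USE_VOMS_ATTRIBUTES workaround given in this advisory. The function names are hypothetical, the sample version line is constructed, and an undefined USE_VOMS_ATTRIBUTES is assumed to mean the feature is enabled.

```shell
#!/bin/sh
# Added example (not HTCondor project code): classify a schedd host against
# CVE-2017-16816 using the version bounds and workaround in this advisory.

# version_lt A B: succeeds when dotted version A is lower than B.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
         sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# parse_condor_version TEXT: pull "X.Y.Z" out of condor_version output,
# e.g. "$CondorVersion: 8.6.7 Oct 30 2017 $" (constructed sample line).
parse_condor_version() {
    printf '%s\n' "$1" |
    sed -n 's/.*CondorVersion: \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
    head -n1
}

# schedd_status VERSION VOMS_VALUE: prints fixed, mitigated or vulnerable.
schedd_status() {
    ver=$1
    voms=$2
    case "$ver" in
        8.7.*) fixed_in=8.7.5 ;;   # development series
        *)     fixed_in=8.6.8 ;;   # stable series and anything older
    esac
    if ! version_lt "$ver" "$fixed_in"; then
        echo fixed
        return 0
    fi
    # Only an explicit False counts as the workaround. An undefined or
    # unparsable value is treated as enabled (conservative assumption).
    case "$(printf '%s' "$voms" | tr '[:upper:]' '[:lower:]')" in
        false) echo mitigated ;;
        *)     echo vulnerable ;;
    esac
}

# Live check, only when the HTCondor tools are on PATH.
if command -v condor_version >/dev/null 2>&1; then
    v=$(parse_condor_version "$(condor_version)")
    s=$(condor_config_val USE_VOMS_ATTRIBUTES 2>/dev/null || echo undefined)
    echo "CVE-2017-16816: $(schedd_status "$v" "$s") (version ${v:-unknown})"
fi
```

A version that cannot be parsed is reported as vulnerable unless the workaround is set, so a host with unexpected condor_version output is flagged rather than silently passed.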

Full Details:

Embargoed until at least January 1, 2018