CONDOR-2012-0002

Summary:

Condor installations that rely solely on host-based authentication are vulnerable to an attacker who controls an IP address and its reverse-DNS entry and who knows the target site's security configuration. With this control and knowledge, the attacker can bypass the target site's host-based authentication and be authorized to perform privileged actions (i.e. actions requiring ALLOW_ADMINISTRATOR or ALLOW_WRITE). Condor deployments whose host-based authentication settings contain no hostnames (IPs or IP globs only), or that use authentication stronger than host-based, are not vulnerable.

CVE-2012-3416

Access Required: any person who can control their reverse-DNS records

If an attacker is able to modify their own reverse DNS records, and can connect to the Condor daemon, they may be authorized to perform privileged actions.

Effort Required: low

To exploit this, an attacker just needs to have configuration knowledge of the target Condor daemons.

Impact/Consequences: high

If an attacker is successfully able to circumvent the authorization, they may perform actions as the Condor administrator (such as turning off Condor) or potentially as other users of the system (such as running a job).

Cause: unvalidated information

When looking up information, Condor does not validate that the DNS name returned actually points to the IP address claimed.

Proposed Fix:

Check the DNS mapping.

Actual Fix:

As proposed.
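
The check named under Cause and Proposed Fix is commonly called forward-confirmed reverse DNS: a name returned by the reverse lookup is trusted only if its forward lookup includes the connecting IP. The following is an added Python example, not Condor's code; the function names, the allow list and the sample addresses and hostnames are constructed for illustration.

```python
import ipaddress
import socket

def reverse_names(ip):
    """PTR lookup: names the reverse zone claims for ip (set by whoever controls the IP)."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []  # no usable reverse entry: nothing to confirm
    return [primary, *aliases]

def forward_addrs(name):
    """A/AAAA lookup: addresses published by the owner of the name's forward zone."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except (OSError, UnicodeError):
        return []
    return [info[4][0] for info in infos]

def verified_hostnames(peer_ip, reverse=reverse_names, forward=forward_addrs):
    """Keep only reverse-DNS names whose forward lookup includes peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    confirmed = set()
    for name in reverse(peer_ip):
        for addr in forward(name):
            try:
                # Compare parsed addresses, not strings; drop any IPv6 scope id.
                if ipaddress.ip_address(addr.split("%")[0]) == peer:
                    confirmed.add(name.rstrip(".").lower())
            except ValueError:
                continue
    return confirmed

def host_allowed(peer_ip, allow_hosts, **resolvers):
    """Host-based check: match the allow list against confirmed names only."""
    allowed = {h.rstrip(".").lower() for h in allow_hosts}
    return bool(verified_hostnames(peer_ip, **resolvers) & allowed)

# Constructed sample data (documentation address ranges, made-up names).
PTR = {"192.0.2.10": ["submit.example.org"],    # genuine host
       "203.0.113.66": ["submit.example.org"]}  # PTR chosen by that IP's owner
FWD = {"submit.example.org": ["192.0.2.10"]}    # forward zone owned by the site

def demo():
    """Return (genuine host allowed, unconfirmed PTR claim allowed)."""
    r = dict(reverse=lambda ip: PTR.get(ip, []),
             forward=lambda name: FWD.get(name.lower(), []))
    allow = ["submit.example.org"]
    return host_allowed("192.0.2.10", allow, **r), host_allowed("203.0.113.66", allow, **r)
```

Called without the `reverse` and `forward` arguments, `verified_hostnames` uses the system resolver; a peer with no confirmed name matches no hostname entry, so the check fails closed.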