Red Hat Product Errata RHSA-2012:1168 - Security Advisory

Issued:: 2012-08-14
Updated:: 2012-08-14

RHSA-2012:1168 - Security Advisory

Overview
Updated Packages

Synopsis

Important: condor security update

Type/Severity

Security Advisory: Important

Topic

Updated condor packages that fix one security issue are now available for
Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

Condor is a specialized workload management system for compute-intensive
jobs. It provides a job queuing mechanism, scheduling policy, priority
scheme, and resource monitoring and management.

Condor installations that rely solely upon host-based authentication were
vulnerable to an attacker who controls an IP, its reverse-DNS entry and has
knowledge of a target site's security configuration. With this control and
knowledge, the attacker could bypass the target site's host-based
authentication and be authorized to perform privileged actions (i.e.
actions requiring ALLOW_ADMINISTRATOR or ALLOW_WRITE). Condor deployments
using host-based authentication that contain no hostnames (IPs or IP globs
only) or use authentication stronger than host-based are not vulnerable.
(CVE-2012-3416)

Note: Condor will not run jobs as root; therefore, this flaw cannot lead to
a compromise of the root user account.

Red Hat would like to thank Ken Hahn and Dan Bradley for reporting this
issue.

All Red Hat Enterprise MRG 2.1 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Condor must be restarted for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

MRG Grid 2 for RHEL 5 x86_64
MRG Grid 2 for RHEL 5 i386
MRG Grid from RHUI 2 for RHEL 5 x86_64

Fixes

BZ - 841175 - CVE-2012-3416 condor: host based authentication does not implement forward-confirmed reverse dns

CVEs

CVE-2012-3416

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Grid 2 for RHEL 5

SRPM
condor-7.6.5-0.14.2.el5.src.rpm	SHA-256: bf1536025a2e5201786f5284bdf275ff8442a7bd1b214655cc4267cc681c6dbe
x86_64
condor-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: eb43efb55fbb566cfdf9a5e7ff51c6bac5dddd38ac00c59aee4cc44536f9ea90
condor-aviary-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: f2b6e4d0f930585449cadb1f249cac23c81932fbd6e2bf3815edf96307762c96
condor-classads-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: 9cf13715bc2a9e53fbd958af6ebd51690c1f1040b6002e65d3b2502c5e919fa8
condor-kbdd-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: bd98faa011bd962c5988b20b67b3d70d7da2ec77077d0fc767702be3715f4db8
condor-qmf-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: ac132867262cd8a44b8fb1a22d47ba2dd817ea13bbf431e27d420b6ea682e45a
condor-vm-gahp-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: 27bfa549c5f86cc5ae38b293d7878db76d3d63c629684acc9ebd491e4a7060bf
i386
condor-7.6.5-0.14.2.el5.i386.rpm	SHA-256: 114a6d38ec61a567705e2402fb673a5f21a8443f28be12c397b177f41a1919af
condor-aviary-7.6.5-0.14.2.el5.i386.rpm	SHA-256: 993d4c43c68d4c155f97a89799d39b7a370f22bd5e5a974199039fdb6e8e414a
condor-classads-7.6.5-0.14.2.el5.i386.rpm	SHA-256: 731f55f8b4d28f9111eeebd52eec7dcc25996f90644310e69ae816732c23238a
condor-kbdd-7.6.5-0.14.2.el5.i386.rpm	SHA-256: 12e7c2130d93d4bff55704b0b493b34c96ef3cc7cae952766412d466b0b71d0c
condor-qmf-7.6.5-0.14.2.el5.i386.rpm	SHA-256: 2fe821b4afe90cfcb8b5418c71c91faa5c9cb45a7315548e5488abbdee88c18d
condor-vm-gahp-7.6.5-0.14.2.el5.i386.rpm	SHA-256: 68127f512b34519a42058e3b7602e6d5260b1737f2517b94f2960f4098216235

MRG Grid from RHUI 2 for RHEL 5

SRPM
condor-7.6.5-0.14.2.el5.src.rpm	SHA-256: bf1536025a2e5201786f5284bdf275ff8442a7bd1b214655cc4267cc681c6dbe
x86_64
condor-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: eb43efb55fbb566cfdf9a5e7ff51c6bac5dddd38ac00c59aee4cc44536f9ea90
condor-aviary-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: f2b6e4d0f930585449cadb1f249cac23c81932fbd6e2bf3815edf96307762c96
condor-classads-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: 9cf13715bc2a9e53fbd958af6ebd51690c1f1040b6002e65d3b2502c5e919fa8
condor-kbdd-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: bd98faa011bd962c5988b20b67b3d70d7da2ec77077d0fc767702be3715f4db8
condor-qmf-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: ac132867262cd8a44b8fb1a22d47ba2dd817ea13bbf431e27d420b6ea682e45a
condor-vm-gahp-7.6.5-0.14.2.el5.x86_64.rpm	SHA-256: 27bfa549c5f86cc5ae38b293d7878db76d3d63c629684acc9ebd491e4a7060bf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories