Red Hat Product Errata RHSA-2012:1169 - Security Advisory
Issued:
2012-08-14
Updated:
2012-08-14

RHSA-2012:1169 - Security Advisory

Synopsis

Important: condor security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated condor packages that fix one security issue are now available for
Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

Condor is a specialized workload management system for compute-intensive
jobs. It provides a job queuing mechanism, scheduling policy, priority
scheme, and resource monitoring and management.

Condor installations that rely solely upon host-based authentication were
vulnerable to an attacker who controls an IP, its reverse-DNS entry and has
knowledge of a target site's security configuration. With this control and
knowledge, the attacker could bypass the target site's host-based
authentication and be authorized to perform privileged actions (i.e.
actions requiring ALLOW_ADMINISTRATOR or ALLOW_WRITE). Condor deployments
using host-based authentication that contain no hostnames (IPs or IP globs
only) or use authentication stronger than host-based are not vulnerable.
(CVE-2012-3416)

Note: Condor will not run jobs as root; therefore, this flaw cannot lead to
a compromise of the root user account.

Red Hat would like to thank Ken Hahn and Dan Bradley for reporting this
issue.

All Red Hat Enterprise MRG 2.1 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Condor must be restarted for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • MRG Grid 2 for RHEL 6 x86_64
  • MRG Grid 2 for RHEL 6 i386
  • MRG Grid Execute 2 x86_64
  • MRG Grid Execute 2 i386
  • MRG Grid from RHUI 2 for RHEL 6 x86_64

Fixes

  • BZ - 841175 - CVE-2012-3416 condor: host based authentication does not implement forward-confirmed reverse dns

MRG Grid 2 for RHEL 6

SRPM
condor-7.6.5-0.14.2.el6_3.src.rpm SHA-256: 6259faacdaeb53bc1ececa6b9a5fb322480a7eafaef5ccd9194a4b0cf1e83838
x86_64
condor-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 9e1ae4cd07cb299acd92d12ea5f14592bb98b749499dbf68441a936555afb7c3
condor-aviary-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: abdc1e35d07a3e6d9124563cf3119a5d5d5acd0dccdb4cad09b04492dca6bc9b
condor-classads-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 82cdbc1450bcd13fc56374869b790c4bd9cb8c588acbe8e6cb938bfaa6f8cfae
condor-debuginfo-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 646eff896497a4d5e0c100149491e780b9b4f6a03607988f08feedc77ec91b54
condor-deltacloud-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 0772b92fdbfef7631021a70d92ba893afc2531997bdd711add2f5b4951123cf1
condor-kbdd-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 51bc775f11d6f0f8287a77a3757caee51bbc36568d51587ca0c3927a80fbca34
condor-plumage-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 46943aa376eb8eefd36c6d6222fd526546146ad308a24f0e713e89f06a9b51aa
condor-qmf-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 83df68e863b393343e258a549f22467d74f223a25599703432e847b5ca7404a6
condor-vm-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 12f13d9401948ffdc1eb10f70791b76a0648f0c25d02352591908e9fc9bdda83
i386
condor-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: 0825214c3092127da91c65a8c99e532c62970a58bfa6f453bca8ee381bdc6711
condor-aviary-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: eac30ece9c11b6d1074e8ce3c634b0523c2ad085919b7ed544786925d3530ccf
condor-classads-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: 8ec3953b1a861d1664b3adddacc5d44b4f1360b7b0c21cb5040d97ac0969e37b
condor-debuginfo-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: 0474ba65502d91aae48b75c81affe8c9f9715c8c4311d80823d3ae852bedae36
condor-kbdd-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: 9730c40d27e82d98edb151d019d9ba79e843e7869770a20ba132a2139da1d73a
condor-plumage-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: 75611d8832a78313ba9034931e221ff1b0b5b926f6d9b0a69dfe93e9056fbe8e
condor-qmf-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: db7e0c05521f328a49a26322083f101938d2f96257fa88e7fcb457c0e6b6cfc3

MRG Grid Execute 2

SRPM
condor-7.6.5-0.14.2.el6_3.src.rpm SHA-256: 6259faacdaeb53bc1ececa6b9a5fb322480a7eafaef5ccd9194a4b0cf1e83838
x86_64
condor-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 9e1ae4cd07cb299acd92d12ea5f14592bb98b749499dbf68441a936555afb7c3
condor-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 9e1ae4cd07cb299acd92d12ea5f14592bb98b749499dbf68441a936555afb7c3
condor-classads-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 82cdbc1450bcd13fc56374869b790c4bd9cb8c588acbe8e6cb938bfaa6f8cfae
condor-classads-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 82cdbc1450bcd13fc56374869b790c4bd9cb8c588acbe8e6cb938bfaa6f8cfae
condor-debuginfo-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 646eff896497a4d5e0c100149491e780b9b4f6a03607988f08feedc77ec91b54
condor-debuginfo-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 646eff896497a4d5e0c100149491e780b9b4f6a03607988f08feedc77ec91b54
condor-kbdd-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 51bc775f11d6f0f8287a77a3757caee51bbc36568d51587ca0c3927a80fbca34
condor-kbdd-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 51bc775f11d6f0f8287a77a3757caee51bbc36568d51587ca0c3927a80fbca34
condor-qmf-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 83df68e863b393343e258a549f22467d74f223a25599703432e847b5ca7404a6
condor-qmf-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 83df68e863b393343e258a549f22467d74f223a25599703432e847b5ca7404a6
condor-vm-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 12f13d9401948ffdc1eb10f70791b76a0648f0c25d02352591908e9fc9bdda83
condor-vm-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 12f13d9401948ffdc1eb10f70791b76a0648f0c25d02352591908e9fc9bdda83
i386
condor-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: 0825214c3092127da91c65a8c99e532c62970a58bfa6f453bca8ee381bdc6711
condor-classads-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: 8ec3953b1a861d1664b3adddacc5d44b4f1360b7b0c21cb5040d97ac0969e37b
condor-debuginfo-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: 0474ba65502d91aae48b75c81affe8c9f9715c8c4311d80823d3ae852bedae36
condor-kbdd-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: 9730c40d27e82d98edb151d019d9ba79e843e7869770a20ba132a2139da1d73a
condor-qmf-7.6.5-0.14.2.el6_3.i686.rpm SHA-256: db7e0c05521f328a49a26322083f101938d2f96257fa88e7fcb457c0e6b6cfc3

MRG Grid from RHUI 2 for RHEL 6

SRPM
condor-7.6.5-0.14.2.el6_3.src.rpm SHA-256: 6259faacdaeb53bc1ececa6b9a5fb322480a7eafaef5ccd9194a4b0cf1e83838
x86_64
condor-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 9e1ae4cd07cb299acd92d12ea5f14592bb98b749499dbf68441a936555afb7c3
condor-aviary-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: abdc1e35d07a3e6d9124563cf3119a5d5d5acd0dccdb4cad09b04492dca6bc9b
condor-classads-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 82cdbc1450bcd13fc56374869b790c4bd9cb8c588acbe8e6cb938bfaa6f8cfae
condor-debuginfo-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 646eff896497a4d5e0c100149491e780b9b4f6a03607988f08feedc77ec91b54
condor-deltacloud-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 0772b92fdbfef7631021a70d92ba893afc2531997bdd711add2f5b4951123cf1
condor-kbdd-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 51bc775f11d6f0f8287a77a3757caee51bbc36568d51587ca0c3927a80fbca34
condor-plumage-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 46943aa376eb8eefd36c6d6222fd526546146ad308a24f0e713e89f06a9b51aa
condor-qmf-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 83df68e863b393343e258a549f22467d74f223a25599703432e847b5ca7404a6
condor-vm-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm SHA-256: 12f13d9401948ffdc1eb10f70791b76a0648f0c25d02352591908e9fc9bdda83

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.