Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-3490

Опубликовано: 19 сент. 2012
Источник: redhat
CVSS2: 4.6
EPSS Низкий

Описание

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.

Отчет

Not vulnerable. This issue did not affect the versions of condor as shipped with Red Hat Enterprise MRG as it does not include the vulnerable code (VMware support is not compiled in).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise MRG 2condorNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=848212condor: does not check return value of setuid and similar calls, exploitable via VMware support

EPSS

Процентиль: 83%
0.01956
Низкий

4.6 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-3490

CVSS3: 8.8
ubuntu
около 6 лет назад

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.

nvd логотип

CVE-2012-3490

CVSS3: 8.8
nvd
около 6 лет назад

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.

debian логотип

CVE-2012-3490

CVSS3: 8.8
debian
около 6 лет назад

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils ...

github логотип

GHSA-p9fv-x796-2hrm

github
почти 4 года назад

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.

EPSS

Процентиль: 83%
0.01956
Низкий

4.6 Medium

CVSS2