CVE-2010-4179

critical

Description

The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.

References

https://bugzilla.redhat.com/show_bug.cgi?id=654856

http://www.vupen.com/english/advisories/2010/3091

http://www.securitytracker.com/id?1024806

http://www.redhat.com/support/errata/RHSA-2010-0922.html

http://www.redhat.com/support/errata/RHSA-2010-0921.html

http://secunia.com/advisories/42406

Details

Source: Mitre, NVD

Published: 2010-12-07

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical