Candidate: CVE-2011-4930
PublicDate: 2014-02-10 18:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4930
 http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0001.html
Description:
 Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and
 possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly
 other products, allow local users to cause a denial of service
 (condor_schedd daemon and failure to launch jobs) and possibly execute
 arbitrary code via format string specifiers in (1) the reason for a hold
 for a job that uses an XML user log, (2) the filename of a file to be
 transferred, and possibly other unspecified vectors.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660
 https://bugzilla.redhat.com/show_bug.cgi?id=759548
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_condor:
 upstream: http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=5e5571d1a431eb3c61977b6dd6ec90186ef79867
upstream_condor: released (7.6.5)
hardy_condor: DNE
lucid_condor: ignored (reached end-of-life)
maverick_condor: ignored (reached end-of-life)
natty_condor: ignored (reached end-of-life)
oneiric_condor: ignored (reached end-of-life)
precise_condor: DNE
quantal_condor: not-affected (7.8.0~dfsg.1-1)
raring_condor: not-affected (7.8.0~dfsg.1-1)
saucy_condor: not-affected (7.8.0~dfsg.1-1)
devel_condor: not-affected (7.8.0~dfsg.1-1)