CVE-2014-8126
Published: 31 January 2020
The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.
From the Ubuntu Security Team
It was discovered that HTCondor ncorrectly invoked the mailx utility. An attacker could use this vulnerability to execute arbitrary commands.
Priority
Status
Package | Release | Status |
---|---|---|
condor Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(8.6.8~dfsg.1-2)
|
|
cosmic |
Not vulnerable
|
|
disco |
Not vulnerable
|
|
lucid |
Ignored
(end of life)
|
|
precise |
Does not exist
|
|
trusty |
Released
(8.0.5~dfsg.1-1ubuntu1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(8.2.3~dfsg.1-6)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(8.4.2~dfsg.1-1build1)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |