Name | CVE-2022-26110 |
Description | An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-2984-1, DSA-5144-1 |
Debian Bugs | 1008634 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
condor (PTS) | buster, buster (security) | 8.6.8~dfsg.1-2+deb10u1 | fixed |
sid, trixie | 23.4.0+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
condor | source | stretch | 8.4.11~dfsg.1-1+deb9u2 | DLA-2984-1 | ||
condor | source | buster | 8.6.8~dfsg.1-2+deb10u1 | DSA-5144-1 | ||
condor | source | (unstable) | 23.2.0+dfsg-1 | 1008634 |
https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca (V8_8_16)
https://github.com/htcondor/htcondor/commit/8568e8ba65c9490f30a1089b6d4f8910e4bfbd6b (V8_8_16)