{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-08-14T00:00:00", "descriptions": [{"lang": "en", "value": "Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "condor-reverse-dns-security-bypass(77748)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748"}, {"name": "RHSA-2012:1168", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1168.html"}, {"name": "1027395", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1027395"}, {"name": "84766", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/84766"}, {"name": "50246", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50246"}, {"name": "55032", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55032"}, {"name": "50294", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50294"}, {"name": "RHSA-2012:1169", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1169.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.446Z"}, "title": "CVE Program Container", "references": [{"name": "condor-reverse-dns-security-bypass(77748)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748"}, {"name": "RHSA-2012:1168", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1168.html"}, {"name": "1027395", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1027395"}, {"name": "84766", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/84766"}, {"name": "50246", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50246"}, {"name": "55032", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55032"}, {"name": "50294", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50294"}, {"name": "RHSA-2012:1169", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1169.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3416", "datePublished": "2012-08-25T10:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.446Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*", "matchCriteriaId": "F911C534-53BA-45D8-8BA0-3128DD6D7859", "versionEndIncluding": "7.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "D17C7D49-C87C-4531-9F60-AEA8217BC47B", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.00:*:*:*:*:*:*:*", "matchCriteriaId": "2F33EBED-0ADB-4C56-96CC-06D5CF8838AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9F3C190-977B-4FFA-8DA6-6C1DC337FE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9E5EA-CD6B-401A-ACD5-0FA64A32DD5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A5888B30-EFC0-49D7-BDFC-219226A3BE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.01:*:*:*:*:*:*:*", "matchCriteriaId": "7755344E-DC90-4B34-A701-8F9181F33A82", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5985B827-0494-4B99-A0CC-3F2DCB486BBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6D49E49-D7C3-4A8D-87DF-26BFE479F0D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B921A880-DCC2-4AEB-A113-4AD520AA75D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1C31EBEA-2CB0-4910-B644-BAA5CB900DF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "97AAA688-530F-4049-AEF7-B302F984DCDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.02:*:*:*:*:*:*:*", "matchCriteriaId": "E83A28AE-9DDD-4C26-95AF-F8CB3600260B", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.03:*:*:*:*:*:*:*", "matchCriteriaId": "A9290686-AD5A-47DB-9CF8-4340446198A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "68301687-793B-4A68-B1FB-A2B941A230C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname."}, {"lang": "es", "value": "Condor antes de v7.8.2 permite a atacantes remotos evitar la auntenticaci\u00f3n basada en host y ejecutar acciones como ALLOW_ADMINISTRATOR o ALLOW_WRITE conectando desde un sistema con un hostname DNS inverso falsificado"}], "id": "CVE-2012-3416", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-25T10:29:50.617", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/84766"}, {"source": "secalert@redhat.com", "url": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1168.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1169.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50246"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50294"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55032"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1027395"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/84766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1168.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1169.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50246"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027395"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Dan Bradley and Ken Hahn for reporting this issue.", "affected_release": [{"advisory": "RHSA-2012:1168", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "condor-0:7.6.5-0.14.2.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-08-14T00:00:00Z"}, {"advisory": "RHSA-2012:1169", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "condor-0:7.6.5-0.14.2.el6_3", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-08-14T00:00:00Z"}], "bugzilla": {"description": "condor: host based authentication does not implement forward-confirmed reverse dns", "id": "841175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841175"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-284", "details": ["Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname."], "name": "CVE-2012-3416", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Will not fix", "package_name": "condor", "product_name": "Red Hat Enterprise MRG 1"}], "public_date": "2012-08-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-3416\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3416"], "threat_severity": "Important"}

{}