HTCondor
Overview
Download
Documentation
Release Highlights
Release Schedule

HTCondor-CE
Overview
Download
Documentation
Release Highlights

General
News
Security
Documentation
Download

Documentation
HTCondor
HTCondor-CE

Support
HTCSS Contract Support
Community Mailing List
External Support Organizations

Email Lists
Users / Help
World / Announcements

Workshops
Throughput Computing 2024
Materials from past Workshops

HTCSS
What is HTCSS?
Logos

CHTC
Website ⬏
Staff ⬏
Jobs ⬏
Research & Publications ⬏

CONDOR-2012-0003

Summary:

Condor installations that support Standard Universe jobs and run the daemons on the submit machine as root are vulnerable to local privilege escalation. If a user submits a job into the standard universe, the user job may then execute code on the submit machine as the root user. If your Condor installation does not contain the condor_shadow.std executable, then you are not affected by this vulnerability. CVE-2012-5390

Component	Vulnerable Versions	Platform	Availability	Fix Available
Condor standard universe shadow	7.7.3 to 7.7.6, 7.8.0 to 7.8.4, and 7.9.0	Linux	not known to be publicly available	7.8.5
Status	Access Required	Host Type Required	Effort Required	Impact/Consequences
Verified	ability to submit jobs to the condor_schedd	n/a	low	high
Fixed Date	Credit
2012-Oct-22	Zach Miller Condor team

Access Required:

ability to submit jobs

Any person who can submit standard universe jobs to the condor_schedd can exploit this. Submissions are authenticated and are typically done locally. However, if Condor is configured to allow remote submits, jobs submitted remotely into the standard universe can also exploit this.

Effort Required:

low

To exploit this, an attacker just needs to know the correct sequence of communications with the condor_shadow.std.

Impact/Consequences:

high

If an attacker is successfully able to communicate correctly with the condor_shadow.std, they may instruct the shadow to run arbitrary code as the root user, including spawning additional processes.

Cause:

Missing privilege check

Condor should never spawn user processes as root, and makes explicit checks in most places to ensure this never happens. In the standard universe shadow, an unrelated change opened a new code path where privilege checking did not exist.

Proposed Fix:

Remove the code, as it should never be used.

Actual Fix:

As proposed.

Workaround:

If you do not need to run standard universe jobs, simply delete the condor_shadow.std from your installation.

European HTCondor Workshop: Abstract Submission Open

Mining millions of genomes for the next powerful antibiotic

Collaborations Between Two National Laboratories and the OSG Consortium Propel Nuclear and High-Energy Physics Forward

NOAA funded marine scientist uses OSPool access to high throughput computing to explode her boundaries of research

Addressing the challenges of transferring large datasets with the OSDF

Learning and adapting with OSG: Investigating the strong nuclear force

What is HTCSS?

CONDOR-2012-0003