CVE-2012-3416

Description

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.

How to fix CVE-2012-3416

To remediate CVE-2012-3416, upgrade the affected package to a fixed version below.

• Debian/condor—upgrade to 7.8.2~dfsg.1-1 or later

Is CVE-2012-3416 being exploited?

Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 7.8.2~dfsg.1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-3416