CVE-2012-3491

Description

src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.

How to fix CVE-2012-3491

To remediate CVE-2012-3491, upgrade the affected package to a fixed version below.

• Debian/condor—upgrade to 7.8.2~dfsg.1-1+deb7u1 or later

Is CVE-2012-3491 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 7.8.2~dfsg.1-1+deb7u1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-3491