CVE-2012-3493

Description

The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.

How to fix CVE-2012-3493

To remediate CVE-2012-3493, upgrade the affected package to a fixed version below.

• Debian/condor—upgrade to 7.8.2~dfsg.1-1+deb7u1 or later

Is CVE-2012-3493 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 7.8.2~dfsg.1-1+deb7u1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-3493