Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0807300958030.19809@mjc.redhat.com>
Date: Wed, 30 Jul 2008 10:01:00 +0100 (BST)
From: Mark J Cox <mjc@...hat.com>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: condor < 7.0.4

Needs CVE name

https://lists.cs.wisc.edu/archive/condor-world/2008q2/msg00003.shtml
leading to:
http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html

 	This release fixes a problem causing possible incorrect handling of wild
 	cards in authorization lists. Examples of the configuration variables that
 	specify authorization lists are

 	  ALLOW_WRITE
 	  DENY_WRITE
 	  HOSTALLOW_WRITE
 	  HOSTDENY_WRITE

 	If a configuration variable uses the asterisk character (*) in
 	configuration variables that specify the authorization policy, it is
 	advisable to upgrade. This is especially true for the use of wild cards in
 	any DENY list, since this problem could result in access being allowed,
 	when it should have been denied. This issue affects all previous versions
 	of Condor.

Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.