[Condor-users] Security flaw in Condor 6.6.11 and 6.7.18 condor_ckpt_server



As noted in the 6.7.19 release announcement, the Condor Team has
discovered a flaw in the checkpoint server, condor_ckpt_server. This
security flaw could allow remote attackers to replace any file owned by
the 'condor' user, or the user running the condor_ckpt_server. This flaw
is present in all versions of the condor_ckpt_server, up to and including
the 6.6.11 and 6.7.18 releases.

The checkpoint server is not activated by default. A security incident may
only occur when an administrator has configured and activated the
checkpoint server. We believe that few sites use the checkpoint server,
and consequently few sites are affected by this announcement.

We strongly urge all installations using the checkpoint server to upgrade
the checkpoint server to version 6.7.19. For 6.7 series installations,
upgrade the entire Condor installation to 6.7.19. For 6.6 series
installations, the 6.7.19 condor_ckpt_server binary replaces the 6.6
series one. The 6.7.19 condor_ckpt_server binary is available as a
separate download, available from our 'contrib' section:

http://www.cs.wisc.edu/condor/downloads/contrib.license.html

Please see the most recent posted version of the 6.7.19 manual, in the
version history, for directions on how to replace the binary.

The Condor Team will publish a detailed report of this vulnerability on
2006-06-09, four weeks from the date when the fixes were first released
(2006-05-12).  This allows all sites time to upgrade before enough
information to exploit these bugs is widely available.

Please contact condor-admin@xxxxxxxxxxx with questions or concerns.

Thanks and regards,
UW-Madison Condor Team