[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] Security flaw in Condor 6.6.11 and 6.7.18 condor_ckpt_server

As noted in the 6.7.19 release announcement, the Condor Team has
discovered a flaw in the checkpoint server, condor_ckpt_server. This
security flaw could allow  remote attackers to replace any file owned by
the 'condor' user, or the user running the condor_ckpt_server. This flaw
is present in all versions of the condor_ckpt_server, up to and including
the 6.6.11 and 6.7.18 releases.

The checkpoint server is not activated by default. A security incident may
only occur when an administrator has configured and activated the
checkpoint server. We believe that few sites use the checkpoint server,
and consequently few sites are affected by this announcement.

We strongly urge all installations using the checkpoint server to upgrade
the checkpoint server to version 6.7.19. For 6.7 series installations,
upgrade the entire Condor installation to 6.7.19. For 6.6 series
installations, the 6.7.19 condor_ckpt_server binary replaces the 6.6
series one. The 6.7.19 condor_ckpt_server binary is available as a
separate download, available from our 'contrib' section:


Please see the most recent posted version of the 6.7.19 manual, in the
version history for directions on how to replace the binary.

The Condor Team will publish a detailed report of this vulnerability on
2006-06-09, four weeks from the date when the fixes were first released
(2006-05-12).  This allows all sites time to upgrade before enough
information to exploit these bugs is widely available.

Please contact condor-admin@xxxxxxxxxxx with questions or concerns.

Thanks and regards,
UW-Madison Condor Team