Description:
Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT
infrastructure for enterprise computing. MRG Messaging implements the
Advanced Message Queuing Protocol (AMQP) standard, adding persistence
options, kernel optimizations, and operating system services.
The Management Console Installation Guide for Red Hat Enterprise MRG 1.3
instructed administrators to configure Condor to allow the MRG Management
Console (cumin) to submit jobs on behalf of a user. This configuration
facilitated a trust relationship between cumin and the Condor QMF plug-ins;
however, there was inadequate access control on the trusted channel,
allowing anyone able to publish to a broker to submit jobs to run as any
other user (except root, as Condor does not run jobs as root).
(CVE-2010-4179)
Read more at www.criticalwatch.com |
No comments:
Post a Comment