CVE-2009-4133 [Medium] | Security Vulnerability in Condor

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-03-30	2.47%	1.43%	-1.04%
2	2025-03-29	1.43%	2.47%	+1.04%
3	2025-03-17	—	1.43%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-03-30

2.47%

1.43%

-1.04%

2025-03-29

1.43%

2.47%

+1.04%

2025-03-17

—

1.43%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.5	2.0	MEDIUM	`AV:N/AC:L/Au:S/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	8.0	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.5

2.0

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

8.0

6.4

[email protected]

OS Trackers for CVE-2009-4133

vendor	priority	summary	link
`debian`	unimportant	CVE-2009-4133 unimportant priority: Debian including 1 source packages (condor), 3 status rows across 3 suites (forky, sid, trixie): resolved 3.	https://security-tracker.debian.org/tracker/CVE-2009-4133
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2009-4133
`ubuntu`	medium	CVE-2009-4133 medium priority: Ubuntu including 1 source packages (condor), 14 status rows across 14 suites (dapper, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, upstream): DNE 5, ignored 5, not-affected 3, needed 1.	https://ubuntu.com/security/CVE-2009-4133

Affected software / configurations for CVE-2009-4133

Vendor	Product	Version	Raw CPE
condor_project	condor	6.5.4	cpe:2.3:a:condor_project:condor:6.5.4:::::::*
condor_project	condor	6.8.0	cpe:2.3:a:condor_project:condor:6.8.0:::::::*
condor_project	condor	6.8.1	cpe:2.3:a:condor_project:condor:6.8.1:::::::*
condor_project	condor	6.8.2	cpe:2.3:a:condor_project:condor:6.8.2:::::::*
condor_project	condor	6.8.3	cpe:2.3:a:condor_project:condor:6.8.3:::::::*
condor_project	condor	6.8.4	cpe:2.3:a:condor_project:condor:6.8.4:::::::*
condor_project	condor	6.8.5	cpe:2.3:a:condor_project:condor:6.8.5:::::::*
condor_project	condor	6.8.6	cpe:2.3:a:condor_project:condor:6.8.6:::::::*
condor_project	condor	6.8.7	cpe:2.3:a:condor_project:condor:6.8.7:::::::*
condor_project	condor	6.8.8	cpe:2.3:a:condor_project:condor:6.8.8:::::::*
condor_project	condor	6.8.9	cpe:2.3:a:condor_project:condor:6.8.9:::::::*
condor_project	condor	7.0.0	cpe:2.3:a:condor_project:condor:7.0.0:::::::*
condor_project	condor	7.0.1	cpe:2.3:a:condor_project:condor:7.0.1:::::::*
condor_project	condor	7.0.2	cpe:2.3:a:condor_project:condor:7.0.2:::::::*
condor_project	condor	7.0.3	cpe:2.3:a:condor_project:condor:7.0.3:::::::*
condor_project	condor	7.0.4	cpe:2.3:a:condor_project:condor:7.0.4:::::::*
condor_project	condor	7.0.5	cpe:2.3:a:condor_project:condor:7.0.5:::::::*
condor_project	condor	7.0.6	cpe:2.3:a:condor_project:condor:7.0.6:::::::*
condor_project	condor	7.1.0	cpe:2.3:a:condor_project:condor:7.1.0:::::::*
condor_project	condor	7.1.1	cpe:2.3:a:condor_project:condor:7.1.1:::::::*
condor_project	condor	7.1.2	cpe:2.3:a:condor_project:condor:7.1.2:::::::*
condor_project	condor	7.1.3	cpe:2.3:a:condor_project:condor:7.1.3:::::::*
condor_project	condor	7.1.4	cpe:2.3:a:condor_project:condor:7.1.4:::::::*
condor_project	condor	7.2.0	cpe:2.3:a:condor_project:condor:7.2.0:::::::*
condor_project	condor	7.2.1	cpe:2.3:a:condor_project:condor:7.2.1:::::::*
condor_project	condor	7.2.2	cpe:2.3:a:condor_project:condor:7.2.2:::::::*
condor_project	condor	7.2.3	cpe:2.3:a:condor_project:condor:7.2.3:::::::*
condor_project	condor	7.2.4	cpe:2.3:a:condor_project:condor:7.2.4:::::::*
condor_project	condor	7.3.0	cpe:2.3:a:condor_project:condor:7.3.0:::::::*
condor_project	condor	7.3.1	cpe:2.3:a:condor_project:condor:7.3.1:::::::*
condor_project	condor	7.3.2	cpe:2.3:a:condor_project:condor:7.3.2:::::::*
condor_project	condor	7.4.0	cpe:2.3:a:condor_project:condor:7.4.0:::::::*
redhat	enterprise_mrg	1.2	cpe:2.3:o:redhat:enterprise_mrg:1.2:::::::*

References for CVE-2009-4133

URL	Tags
http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018
http://secunia.com/advisories/37766	Vendor Advisory
http://secunia.com/advisories/37803	Vendor Advisory
http://securitytracker.com/id?1023378
http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000	Vendor Advisory
http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-1688.html
http://www.redhat.com/support/errata/RHSA-2009-1689.html
http://www.securityfocus.com/bid/37443
https://bugzilla.redhat.com/show_bug.cgi?id=544371
https://exchange.xforce.ibmcloud.com/vulnerabilities/54984

URL

CVE-2009-4133

Exploit prediction scoring system (EPSS) score for CVE-2009-4133

Common vulnerability scoring system (CVSS) metrics for CVE-2009-4133

Weakness enumeration for CVE-2009-4133

OS Trackers for CVE-2009-4133

Affected software / configurations for CVE-2009-4133

References for CVE-2009-4133