CVE-2011-4930 [Medium] | Denial of Service in Condor

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.10%	0.59%	+0.49%
2	2025-03-17	0.04%	0.10%	+0.06%
3	2023-03-07	—	0.04%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.10%

0.59%

+0.49%

2025-03-17

0.04%

0.10%

+0.06%

2023-03-07

—

0.04%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.4	2.0	MEDIUM	`AV:L/AC:M/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	3.4	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.4

2.0

MEDIUM

AV:L/AC:M/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

3.4

6.4

[email protected]

OS Trackers for CVE-2011-4930

vendor	priority	summary	link
`debian`	unimportant	CVE-2011-4930 unimportant priority: Debian including 1 source packages (condor), 3 status rows across 3 suites (forky, sid, trixie): resolved 3.	https://security-tracker.debian.org/tracker/CVE-2011-4930
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2011-4930
`ubuntu`	medium	CVE-2011-4930 medium priority: Ubuntu including 1 source packages (condor), 10 status rows across 10 suites (hardy, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, upstream): ignored 4, not-affected 3, DNE 2, released 1.	https://ubuntu.com/security/CVE-2011-4930

Affected software / configurations for CVE-2011-4930

Vendor	Product	Version	Raw CPE
condor_project	condor	7.2.0	cpe:2.3:a:condor_project:condor:7.2.0:::::::*
condor_project	condor	7.2.1	cpe:2.3:a:condor_project:condor:7.2.1:::::::*
condor_project	condor	7.2.2	cpe:2.3:a:condor_project:condor:7.2.2:::::::*
condor_project	condor	7.2.3	cpe:2.3:a:condor_project:condor:7.2.3:::::::*
condor_project	condor	7.2.4	cpe:2.3:a:condor_project:condor:7.2.4:::::::*
condor_project	condor	7.2.5	cpe:2.3:a:condor_project:condor:7.2.5:::::::*
condor_project	condor	7.3.0	cpe:2.3:a:condor_project:condor:7.3.0:::::::*
condor_project	condor	7.3.1	cpe:2.3:a:condor_project:condor:7.3.1:::::::*
condor_project	condor	7.3.2	cpe:2.3:a:condor_project:condor:7.3.2:::::::*
condor_project	condor	7.4.0	cpe:2.3:a:condor_project:condor:7.4.0:::::::*
condor_project	condor	7.4.1	cpe:2.3:a:condor_project:condor:7.4.1:::::::*
condor_project	condor	7.4.2	cpe:2.3:a:condor_project:condor:7.4.2:::::::*
condor_project	condor	7.5.4	cpe:2.3:a:condor_project:condor:7.5.4:::::::*
condor_project	condor	7.6.0	cpe:2.3:a:condor_project:condor:7.6.0:::::::*
condor_project	condor	7.6.1	cpe:2.3:a:condor_project:condor:7.6.1:::::::*
condor_project	condor	7.6.2	cpe:2.3:a:condor_project:condor:7.6.2:::::::*
condor_project	condor	7.6.3	cpe:2.3:a:condor_project:condor:7.6.3:::::::*
condor_project	condor	7.6.4	cpe:2.3:a:condor_project:condor:7.6.4:::::::*
fedoraproject	fedora	15	cpe:2.3:o:fedoraproject:fedora:15:::::::*
fedoraproject	fedora	16	cpe:2.3:o:fedoraproject:fedora:16:::::::*
redhat	enterprise_mrg	1.3	cpe:2.3:o:redhat:enterprise_mrg:1.3:::::::*
redhat	enterprise_mrg	2.0	cpe:2.3:o:redhat:enterprise_mrg:2.0:::::::*

References for CVE-2011-4930

URL	Tags
http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0099.html
http://rhn.redhat.com/errata/RHSA-2012-0100.html
https://bugzilla.redhat.com/show_bug.cgi?id=759548
https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867
https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264
https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429
https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660

URL

CVE-2011-4930

Exploit prediction scoring system (EPSS) score for CVE-2011-4930

Common vulnerability scoring system (CVSS) metrics for CVE-2011-4930

Weakness enumeration for CVE-2011-4930

OS Trackers for CVE-2011-4930

Affected software / configurations for CVE-2011-4930

References for CVE-2011-4930