CVE-2012-3492

medium

Published 2012-09-28 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

6.4

Description

The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact

Debian Fixed 3 releases

Version	Status	Fixed in
trixie	Fixed	`7.8.2~dfsg.1-1+deb7u1`
sid	Fixed	`7.8.2~dfsg.1-1+deb7u1`
forky	Fixed	`7.8.2~dfsg.1-1+deb7u1`

Application impact

Vendor	Product	Versions
condor_project	condor	`7.6.0`
condor_project	condor	`7.6.1`
condor_project	condor	`7.6.2`
condor_project	condor	`7.6.3`
condor_project	condor	`7.6.4`
condor_project	condor	`7.6.5`
condor_project	condor	`7.6.6`
condor_project	condor	`7.6.7`
condor_project	condor	`7.6.8`
condor_project	condor	`7.6.9`
condor_project	condor	`7.8.0`
condor_project	condor	`7.8.1`
condor_project	condor	`7.8.2`
condor_project	condor	`7.8.3`

References

CWEs

CWE-287

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.