A user can cause the condor_schedd to crash by submitting a job designed for that purpose.

CVE-2017-16816

Component: condor_schedd
Vulnerable Versions: All before 8.6.8 (stable) and 8.7.5 (devel)
Platform: all
Availability: not known to be publicly exploited
Fix Available: 8.6.8, 8.7.5
Status: Verified
Access Required: authorized HTCondor submitter
Host Type Required: any host
Effort Required: low
Impact/Consequences: medium
Fixed Date: 2017-11-14
Credit: Edgar M Fajardo Hernandez, Brian Bockelman, Jaime Frey

Access Required:

authorized HTCondor submitter

This vulnerability requires the attacker to be able to submit a job to a condor_schedd.

Effort Required:

low

Using standard HTCondor binaries, an attacker who understands the nature of this vulnerability and manipulates GSI proxies can cause a denial of service.

Impact/Consequences:

medium

Using a specially crafted proxy, an attacker can cause the condor_schedd to crash, essentially preventing any users from running jobs.


If your site does not use GSI, or if it does use GSI but does not utilize VOMS extensions, you can set "USE_VOMS_ATTRIBUTES = False" in your configuration to avoid the issue entirely.

Full Details:

If a user submitted a job by authenticating with GSI, or that job carried a GSI certificate using the x509userproxy keyword, it was possible to crash the condor_schedd. An attacker could add VOMS attributes to the proxy and then set either the VONAME or FQAN attribute in a way that produced a certificate that would cause HTCondor daemons to crash. This creates a potential denial of service that would prevent all users of HTCondor from submitting jobs.
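A triage check for the affected versions and the workaround described above, as an added example that is not part of the original advisory or of HTCondor itself. It assumes the version string comes from `condor_version` and the setting from `condor_config_val USE_VOMS_ATTRIBUTES`; the function names, status labels and sample inputs are constructed for illustration.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release series.
FIXED = {(8, 6): (8, 6, 8), (8, 7): (8, 7, 5)}

def parse_version(banner):
    """Return (major, minor, patch) from a condor_version banner or a bare 'X.Y.Z'."""
    m = (re.search(r"\$CondorVersion:\s*(\d+)\.(\d+)\.(\d+)", banner)
         or re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", banner))
    if not m:
        raise ValueError("no X.Y.Z version found in %r" % banner)
    return tuple(int(x) for x in m.groups())

def is_vulnerable_version(version):
    """True if the version predates the fix for its release series."""
    series = version[:2]
    if series in FIXED:
        # 8.7.4 is newer than 8.6.8 but still lacks the fix, so compare per series.
        return version < FIXED[series]
    # Assumption: series older than 8.6 never got the fix; newer series include it.
    return series < (8, 6)

def workaround_applied(config_value):
    """True only when USE_VOMS_ATTRIBUTES is explicitly 'False' (any case).
    Assumption: an unset, undefined or non-literal value counts as not applied."""
    return config_value is not None and config_value.strip().lower() == "false"

def assess(banner, use_voms_attributes):
    """Classify a schedd host as 'fixed', 'vulnerable-version-workaround-set' or 'exposed'."""
    if not is_vulnerable_version(parse_version(banner)):
        return "fixed"
    if workaround_applied(use_voms_attributes):
        return "vulnerable-version-workaround-set"
    return "exposed"

if __name__ == "__main__":
    # Constructed sample inputs (build date and BuildID are placeholders).
    samples = [
        ("$CondorVersion: 8.6.7 Oct 01 2017 BuildID: 000000 $", "True"),
        ("$CondorVersion: 8.7.4 Oct 01 2017 BuildID: 000000 $", "False"),
        ("$CondorVersion: 8.6.8 Nov 01 2017 BuildID: 000000 $", None),
    ]
    for banner, value in samples:
        print(assess(banner, value), "<-", banner, "| USE_VOMS_ATTRIBUTES =", value)
```

A host reported as `vulnerable-version-workaround-set` still needs the upgrade to 8.6.8 or 8.7.5; the workaround only applies to sites that do not rely on VOMS extensions.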