Red Hat Enterprise MRG Messaging and Grid: Important Security Update

Users of Red Hat Enterprise MRG Messaging and Grid: please be advised that an Important security update has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

RHSA-2010:0922-01: Important: Red Hat Enterprise MRG Messaging and Grid security update

Product: Red Hat Enterprise MRG for RHEL-4

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT infrastructure for enterprise computing. MRG Messaging implements the Advanced Message Queuing Protocol (AMQP) standard, adding persistence options, kernel optimizations, and operating system services.

The Management Console Installation Guide for Red Hat Enterprise MRG 1.3 instructed administrators to configure Condor to allow the MRG Management Console (cumin) to submit jobs on behalf of a user. This configuration facilitated a trust relationship between cumin and the Condor QMF plug-ins; however, there was inadequate access control on the trusted channel, allowing anyone able to publish to a broker to submit jobs to run as any other user (except root, as Condor does not run jobs as root).