Published: 24/06/2011 Updated: 09/10/2018

CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8

VMScore: 756

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x prior to 2.4.14, 2.5.x prior to 2.5.6, and 3.x prior to 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clusterresources torque resource manager 2.4.9
clusterresources torque resource manager 2.4.8
clusterresources torque resource manager 2.3.9
clusterresources torque resource manager 2.3.8
clusterresources torque resource manager 2.3.1
clusterresources torque resource manager 2.3.0
clusterresources torque resource manager 2.3.10
clusterresources torque resource manager 2.1.7
clusterresources torque resource manager 2.4.13
clusterresources torque resource manager 2.4.12
clusterresources torque resource manager 2.4.5
clusterresources torque resource manager 2.4.4
clusterresources torque resource manager 2.3.5
clusterresources torque resource manager 2.3.4
clusterresources torque resource manager 2.3.13
clusterresources torque resource manager 2.2.1
clusterresources torque resource manager 2.1.11
clusterresources torque resource manager 2.1.10
clusterresources torque resource manager 2.4.7
clusterresources torque resource manager 2.4.6
clusterresources torque resource manager 2.3.7
clusterresources torque resource manager 2.3.6
clusterresources torque resource manager 2.3.11
clusterresources torque resource manager 2.3.12
clusterresources torque resource manager 2.1.3
clusterresources torque resource manager 2.1.2
clusterresources torque resource manager 2.1.6
clusterresources torque resource manager 2.1.0
clusterresources torque resource manager 2.4.11
clusterresources torque resource manager 2.4.10
clusterresources torque resource manager 2.4.3
clusterresources torque resource manager 2.4.2
clusterresources torque resource manager 2.3.3
clusterresources torque resource manager 2.3.2
clusterresources torque resource manager 2.1.9
clusterresources torque resource manager 2.1.8
clusterresources torque resource manager 2.1.1
clusterresources torque resource manager 2.1.0p11
clusterresources torque resource manager 2.5.2
clusterresources torque resource manager 2.5.3
clusterresources torque resource manager 2.5.0
clusterresources torque resource manager 2.5.1
clusterresources torque resource manager 2.5.4
clusterresources torque resource manager 2.5.5
clusterresources torque resource manager 3.0.0
clusterresources torque resource manager 3.0.1

Bartlomiej Balcerek discovered several buffer overflows in TORQUE server, a PBS-derived batch processing server This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names The oldstable distribution (lenny) does not contain torque For the stable distribution (squeeze), this p ...

CWE-119 http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG http://secunia.com/advisories/45039 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html http://secunia.com/advisories/45040 https://bugzilla.redhat.com/show_bug.cgi?id=711463 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html http://www.securityfocus.com/bid/48374 http://securityreason.com/securityalert/8304 http://www.debian.org/security/2011/dsa-2329 https://exchange.xforce.ibmcloud.com/vulnerabilities/68152 https://exchange.xforce.ibmcloud.com/vulnerabilities/68151 http://www.securityfocus.com/archive/1/518885/100/0/threaded https://www.debian.org/security/./dsa-2329 https://nvd.nist.gov

CVE-2011-2193

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect