Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2013-4495

Published: 20/11/2013 Updated: 08/12/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Adaptivecomputing

Vulnerability Summary

The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) prior to 4.2.6 allows remote malicious users to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.

Vulnerable Product Search on Vulmon Subscribe to Product

adaptivecomputing torque resource manager

adaptivecomputing torque resource manager 4.1.5.1

adaptivecomputing torque resource manager 4.1.3

adaptivecomputing torque resource manager 3.0.4

adaptivecomputing torque resource manager 3.0.3

adaptivecomputing torque resource manager 2.5.6

adaptivecomputing torque resource manager 2.5.5

adaptivecomputing torque resource manager 2.5.10

adaptivecomputing torque resource manager 2.5.1

adaptivecomputing torque resource manager 2.5.0

adaptivecomputing torque resource manager 2.4.3

adaptivecomputing torque resource manager 2.4.2

adaptivecomputing torque resource manager 2.4.11

adaptivecomputing torque resource manager 2.4.10

adaptivecomputing torque resource manager 2.3.3

adaptivecomputing torque resource manager 2.3.2

adaptivecomputing torque resource manager 2.3.13

adaptivecomputing torque resource manager 2.2.0

adaptivecomputing torque resource manager 2.1.9

adaptivecomputing torque resource manager 2.1.10

adaptivecomputing torque resource manager 2.0.0

adaptivecomputing torque resource manager 4.2.4.1

adaptivecomputing torque resource manager 4.2.3.1

adaptivecomputing torque resource manager 4.1.2

adaptivecomputing torque resource manager 4.1.1

adaptivecomputing torque resource manager 4.1.0

adaptivecomputing torque resource manager 3.0.2

adaptivecomputing torque resource manager 3.0.1

adaptivecomputing torque resource manager 2.5.4

adaptivecomputing torque resource manager 2.5.3

adaptivecomputing torque resource manager 2.4.9

adaptivecomputing torque resource manager 2.4.8

adaptivecomputing torque resource manager 2.4.17

adaptivecomputing torque resource manager 2.4.16

adaptivecomputing torque resource manager 2.3.9

adaptivecomputing torque resource manager 2.3.8

adaptivecomputing torque resource manager 2.3.12

adaptivecomputing torque resource manager 2.3.11

adaptivecomputing torque resource manager 2.1.8

adaptivecomputing torque resource manager 2.1.7

adaptivecomputing torque resource manager 4.1.7

adaptivecomputing torque resource manager 4.1.6

adaptivecomputing torque resource manager 3.0.6

adaptivecomputing torque resource manager 3.0.5

adaptivecomputing torque resource manager 2.5.8

adaptivecomputing torque resource manager 2.5.7

adaptivecomputing torque resource manager 2.5.12

adaptivecomputing torque resource manager 2.5.11

adaptivecomputing torque resource manager 2.4.5

adaptivecomputing torque resource manager 2.4.4

adaptivecomputing torque resource manager 2.4.13

adaptivecomputing torque resource manager 2.4.12

adaptivecomputing torque resource manager 2.3.5

adaptivecomputing torque resource manager 2.3.4

adaptivecomputing torque resource manager 2.3.0

adaptivecomputing torque resource manager 2.2.1

adaptivecomputing torque resource manager 2.1.2

adaptivecomputing torque resource manager 2.1.11

adaptivecomputing torque resource manager 4.2.3

adaptivecomputing torque resource manager 4.2.2

adaptivecomputing torque resource manager 4.0.2

adaptivecomputing torque resource manager 4.0.0

adaptivecomputing torque resource manager 3.0.0

adaptivecomputing torque resource manager 2.5.9

adaptivecomputing torque resource manager 2.5.2

adaptivecomputing torque resource manager 2.5.13

adaptivecomputing torque resource manager 2.4.7

adaptivecomputing torque resource manager 2.4.6

adaptivecomputing torque resource manager 2.4.15

adaptivecomputing torque resource manager 2.4.14

adaptivecomputing torque resource manager 2.3.7

adaptivecomputing torque resource manager 2.3.6

adaptivecomputing torque resource manager 2.3.10

adaptivecomputing torque resource manager 2.3.1

adaptivecomputing torque resource manager 2.1.6

adaptivecomputing torque resource manager 2.1.3

Vendor Advisories

Debian Security Advisories: DSA-2796-1 torque -- arbitrary code execution
Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server For the ...

References

CWE-94http://secunia.com/advisories/55622https://www.adaptivecomputing.com/wp-content/uploads/releasenotes/releaseNotes-4.2.6.htmlhttp://secunia.com/advisories/55535https://www.debian.org/security/2013/dsa-2796https://nvd.nist.govhttps://www.debian.org/security/./dsa-2796
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook