Published: 11/04/2016 Updated: 14/04/2016

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

The oarsh script in OAR prior to 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oar project oar
debian debian linux 8.0

Debian Bug report logs - #819952 oar: CVE-2016-1235: vulnerability in the oarsh command Package: src:oar; Maintainer for src:oar is Pierre Neyron <pierreneyron@freefr>; Reported by: Vincent Danjean <vdanjean@debianorg> Date: Mon, 4 Apr 2016 08:48:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Fo ...

Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, a software used to manage jobs and resources of HPC clusters, could result in privilege escalation For the oldstable distribution (wheezy), this problem has been fixed in version 252-3+deb7u1 For the stable distribution (jessie), this problem has been fixed in versio ...

CWE-264 http://oar.imag.fr/oar_2.5.7 http://www.debian.org/security/2016/dsa-3543 https://raw.githubusercontent.com/oar-team/oar/ce77ffed620fdce94881c9b35064507777c24a1c/debian/patches/004-fix-oarsh-security-issue https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819952 https://nvd.nist.gov https://www.debian.org/security/./dsa-3543

CVE-2016-1235

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect