National Cyber Awareness System

Vulnerability Summary for CVE-2011-2193

Overview

Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=711463

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=711463

External Source: XF

Name: torque-hostnames-bo(68152)

Hyperlink:http://xforce.iss.net/xforce/xfdb/68152

External Source: XF

Name: torque-jobnames-bo(68151)

Hyperlink:http://xforce.iss.net/xforce/xfdb/68151

External Source: BID

Name: 48374

Hyperlink:http://www.securityfocus.com/bid/48374

External Source: BUGTRAQ

Name: 20110713 Torque Server Buffer Overflow Vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/518885/100/0/threaded

External Source: DEBIAN

Name: DSA-2329

Hyperlink:http://www.debian.org/security/2011/dsa-2329

External Source: CONFIRM

Name: http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG

Hyperlink:http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG

External Source: CONFIRM

Name: http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG

Hyperlink:http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG

External Source: SREASON

Name: 8304

Hyperlink:http://securityreason.com/securityalert/8304

External Source: SECUNIA

Name: 45040

Type: Advisory

Hyperlink:http://secunia.com/advisories/45040

External Source: SECUNIA

Name: 45039

Type: Advisory

Hyperlink:http://secunia.com/advisories/45039

External Source: FEDORA

Name: FEDORA-2011-8117

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html

External Source: FEDORA

Name: FEDORA-2011-8072

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html