Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 8.5
CVE Id: CVE-2011-2193
Last Modified: 18 Jan 2012 10:57:48
Published: 24 Jun 2011 04:55:03
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2011-2193

Summary

Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff.

Vulnerable Systems

Application

  • Clusterresources Torque Resource Manager 2.1.0

  • Clusterresources Torque Resource Manager 2.1.0p11

  • Clusterresources Torque Resource Manager 2.1.1

  • Clusterresources Torque Resource Manager 2.1.10

  • Clusterresources Torque Resource Manager 2.1.11

  • Clusterresources Torque Resource Manager 2.1.2

  • Clusterresources Torque Resource Manager 2.1.3

  • Clusterresources Torque Resource Manager 2.1.6

  • Clusterresources Torque Resource Manager 2.1.7

  • Clusterresources Torque Resource Manager 2.1.8

  • Clusterresources Torque Resource Manager 2.1.9

  • Clusterresources Torque Resource Manager 2.2.1

  • Clusterresources Torque Resource Manager 2.3.0

  • Clusterresources Torque Resource Manager 2.3.1

  • Clusterresources Torque Resource Manager 2.3.10

  • Clusterresources Torque Resource Manager 2.3.11

  • Clusterresources Torque Resource Manager 2.3.12

  • Clusterresources Torque Resource Manager 2.3.13

  • Clusterresources Torque Resource Manager 2.3.2

  • Clusterresources Torque Resource Manager 2.3.3

  • Clusterresources Torque Resource Manager 2.3.4

  • Clusterresources Torque Resource Manager 2.3.5

  • Clusterresources Torque Resource Manager 2.3.6

  • Clusterresources Torque Resource Manager 2.3.7

  • Clusterresources Torque Resource Manager 2.3.8

  • Clusterresources Torque Resource Manager 2.3.9

  • Clusterresources Torque Resource Manager 2.4.10

  • Clusterresources Torque Resource Manager 2.4.11

  • Clusterresources Torque Resource Manager 2.4.12

  • Clusterresources Torque Resource Manager 2.4.13

  • Clusterresources Torque Resource Manager 2.4.2

  • Clusterresources Torque Resource Manager 2.4.3

  • Clusterresources Torque Resource Manager 2.4.4

  • Clusterresources Torque Resource Manager 2.4.5

  • Clusterresources Torque Resource Manager 2.4.6

  • Clusterresources Torque Resource Manager 2.4.7

  • Clusterresources Torque Resource Manager 2.4.8

  • Clusterresources Torque Resource Manager 2.4.9

  • Clusterresources Torque Resource Manager 2.5.0

  • Clusterresources Torque Resource Manager 2.5.1

  • Clusterresources Torque Resource Manager 2.5.2

  • Clusterresources Torque Resource Manager 2.5.3

  • Clusterresources Torque Resource Manager 2.5.4

  • Clusterresources Torque Resource Manager 2.5.5

  • Clusterresources Torque Resource Manager 3.0.0

  • Clusterresources Torque Resource Manager 3.0.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=711463

XF - torque-hostnames-bo(68152)

XF - torque-jobnames-bo(68151)

BID - 48374

BUGTRAQ - 20110713 Torque Server Buffer Overflow Vulnerability

CONFIRM - http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG

CONFIRM - http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG

SREASON - 8304

SECUNIA - 45040

SECUNIA - 45039

FEDORA - FEDORA-2011-8117

FEDORA - FEDORA-2011-8072

DEBIAN - DSA-2329


Last Updated: 27 May 2016 10:58:04