Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2907

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-2907
Last Modified 25 Apr 2012 12:00:00
Published 15 Aug 2011 03:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2907

Summary

Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program.

Vulnerable Systems

Application

  • Clusterresources Torque Resource Manager 2.1.0

  • Clusterresources Torque Resource Manager 2.1.0p11

  • Clusterresources Torque Resource Manager 2.1.1

  • Clusterresources Torque Resource Manager 2.1.10

  • Clusterresources Torque Resource Manager 2.1.11

  • Clusterresources Torque Resource Manager 2.1.2

  • Clusterresources Torque Resource Manager 2.1.3

  • Clusterresources Torque Resource Manager 2.1.6

  • Clusterresources Torque Resource Manager 2.1.7

  • Clusterresources Torque Resource Manager 2.1.8

  • Clusterresources Torque Resource Manager 2.1.9

  • Clusterresources Torque Resource Manager 2.2.1

  • Clusterresources Torque Resource Manager 2.3.0

  • Clusterresources Torque Resource Manager 2.3.1

  • Clusterresources Torque Resource Manager 2.3.10

  • Clusterresources Torque Resource Manager 2.3.11

  • Clusterresources Torque Resource Manager 2.3.12

  • Clusterresources Torque Resource Manager 2.3.13

  • Clusterresources Torque Resource Manager 2.3.2

  • Clusterresources Torque Resource Manager 2.3.3

  • Clusterresources Torque Resource Manager 2.3.4

  • Clusterresources Torque Resource Manager 2.3.5

  • Clusterresources Torque Resource Manager 2.3.6

  • Clusterresources Torque Resource Manager 2.3.7

  • Clusterresources Torque Resource Manager 2.3.8

  • Clusterresources Torque Resource Manager 2.3.9

  • Clusterresources Torque Resource Manager 2.4.10

  • Clusterresources Torque Resource Manager 2.4.11

  • Clusterresources Torque Resource Manager 2.4.12

  • Clusterresources Torque Resource Manager 2.4.13

  • Clusterresources Torque Resource Manager 2.4.2

  • Clusterresources Torque Resource Manager 2.4.3

  • Clusterresources Torque Resource Manager 2.4.4

  • Clusterresources Torque Resource Manager 2.4.5

  • Clusterresources Torque Resource Manager 2.4.6

  • Clusterresources Torque Resource Manager 2.4.7

  • Clusterresources Torque Resource Manager 2.4.8

  • Clusterresources Torque Resource Manager 2.4.9

  • Clusterresources Torque Resource Manager 2.5.0

  • Clusterresources Torque Resource Manager 2.5.1

  • Clusterresources Torque Resource Manager 2.5.2

  • Clusterresources Torque Resource Manager 2.5.3

  • Clusterresources Torque Resource Manager 2.5.4

  • Clusterresources Torque Resource Manager 2.5.5

  • Clusterresources Torque Resource Manager 3.0.0

  • Clusterresources Torque Resource Manager 3.0.1


References

MISC - https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=713090

XF - torque-resource-manager-pbsohost-sec-bypass(69138)

BID - 49119

MLIST - [oss-security] 20110810 CVE-2011-2907: authentication bypass in torque

MLIST - [torqueusers] 20110809 TORQUE authorization security vulnerability

SECUNIA - 45524


Last Updated: 27 May 2016 10:57:12