Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities found for torque_resource_manager by clusterresources

    CVE-2011-4925 (GCVE-0-2011-4925)

    Vulnerability from nvd – Published: 2012-01-13 02:00 – Updated: 2024-08-07 00:23
    VLAI
    Summary
    Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://openwall.com/lists/oss-security/2012/01/05/1 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/47381 third-party-advisoryx_refsource_SECUNIA
    http://openwall.com/lists/oss-security/2012/01/05/9 mailing-listx_refsource_MLIST
    http://www.adaptivecomputing.com/resources/docs/t… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/51224 vdb-entryx_refsource_BID
    Date Public
    2011-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:23:38.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20120105 CVE request: TORQUE Munge Authentication Security Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2012/01/05/1"
              },
              {
                "name": "47381",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47381"
              },
              {
                "name": "[oss-security] 20120105 Re: CVE request: TORQUE Munge Authentication Security Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2012/01/05/9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.adaptivecomputing.com/resources/docs/torque/3-0-3/changelog.php#259"
              },
              {
                "name": "51224",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-02-02T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20120105 CVE request: TORQUE Munge Authentication Security Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2012/01/05/1"
            },
            {
              "name": "47381",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47381"
            },
            {
              "name": "[oss-security] 20120105 Re: CVE request: TORQUE Munge Authentication Security Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2012/01/05/9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.adaptivecomputing.com/resources/docs/torque/3-0-3/changelog.php#259"
            },
            {
              "name": "51224",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51224"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4925",
        "datePublished": "2012-01-13T02:00:00.000Z",
        "dateReserved": "2011-12-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:23:38.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2907 (GCVE-0-2011-2907)

    Vulnerability from nvd – Published: 2011-08-15 19:00 – Updated: 2024-08-06 23:15
    VLAI
    Summary
    Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:15:31.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713090"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296"
              },
              {
                "name": "[torqueusers] 20110809 TORQUE authorization security vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html"
              },
              {
                "name": "49119",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49119"
              },
              {
                "name": "45524",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45524"
              },
              {
                "name": "torque-resource-manager-pbsohost-sec-bypass(69138)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69138"
              },
              {
                "name": "[oss-security] 20110810 CVE-2011-2907: authentication bypass in torque",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/11/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713090"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296"
            },
            {
              "name": "[torqueusers] 20110809 TORQUE authorization security vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html"
            },
            {
              "name": "49119",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49119"
            },
            {
              "name": "45524",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45524"
            },
            {
              "name": "torque-resource-manager-pbsohost-sec-bypass(69138)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69138"
            },
            {
              "name": "[oss-security] 20110810 CVE-2011-2907: authentication bypass in torque",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/11/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2907",
        "datePublished": "2011-08-15T19:00:00.000Z",
        "dateReserved": "2011-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:15:31.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2193 (GCVE-0-2011-2193)

    Vulnerability from nvd – Published: 2011-06-24 20:00 – Updated: 2024-08-06 22:53
    VLAI
    Summary
    Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.debian.org/security/2011/dsa-2329 vendor-advisoryx_refsource_DEBIAN
    http://www.clusterresources.com/downloads/torque/… x_refsource_CONFIRM
    http://secunia.com/advisories/45039 third-party-advisoryx_refsource_SECUNIA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/archive/1/518885/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/45040 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/8304 third-party-advisoryx_refsource_SREASON
    http://www.clusterresources.com/downloads/torque/… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/48374 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://bugzilla.redhat.com/show_bug.cgi?id=711463 x_refsource_CONFIRM
    Date Public
    2011-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:53:17.202Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2011-8117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html"
              },
              {
                "name": "DSA-2329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2329"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG"
              },
              {
                "name": "45039",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45039"
              },
              {
                "name": "FEDORA-2011-8072",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html"
              },
              {
                "name": "20110713 Torque Server Buffer Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/518885/100/0/threaded"
              },
              {
                "name": "45040",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45040"
              },
              {
                "name": "8304",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8304"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG"
              },
              {
                "name": "48374",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/48374"
              },
              {
                "name": "torque-hostnames-bo(68152)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68152"
              },
              {
                "name": "torque-jobnames-bo(68151)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68151"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=711463"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2011-8117",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html"
            },
            {
              "name": "DSA-2329",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2329"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG"
            },
            {
              "name": "45039",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45039"
            },
            {
              "name": "FEDORA-2011-8072",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html"
            },
            {
              "name": "20110713 Torque Server Buffer Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/518885/100/0/threaded"
            },
            {
              "name": "45040",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45040"
            },
            {
              "name": "8304",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8304"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG"
            },
            {
              "name": "48374",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/48374"
            },
            {
              "name": "torque-hostnames-bo(68152)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68152"
            },
            {
              "name": "torque-jobnames-bo(68151)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68151"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=711463"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-2193",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2011-8117",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html"
                },
                {
                  "name": "DSA-2329",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2329"
                },
                {
                  "name": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG",
                  "refsource": "CONFIRM",
                  "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG"
                },
                {
                  "name": "45039",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/45039"
                },
                {
                  "name": "FEDORA-2011-8072",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html"
                },
                {
                  "name": "20110713 Torque Server Buffer Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/518885/100/0/threaded"
                },
                {
                  "name": "45040",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/45040"
                },
                {
                  "name": "8304",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8304"
                },
                {
                  "name": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG",
                  "refsource": "CONFIRM",
                  "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG"
                },
                {
                  "name": "48374",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/48374"
                },
                {
                  "name": "torque-hostnames-bo(68152)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68152"
                },
                {
                  "name": "torque-jobnames-bo(68151)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68151"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=711463",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=711463"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2193",
        "datePublished": "2011-06-24T20:00:00.000Z",
        "dateReserved": "2011-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:53:17.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4925 (GCVE-0-2011-4925)

    Vulnerability from cvelistv5 – Published: 2012-01-13 02:00 – Updated: 2024-08-07 00:23
    VLAI
    Summary
    Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://openwall.com/lists/oss-security/2012/01/05/1 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/47381 third-party-advisoryx_refsource_SECUNIA
    http://openwall.com/lists/oss-security/2012/01/05/9 mailing-listx_refsource_MLIST
    http://www.adaptivecomputing.com/resources/docs/t… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/51224 vdb-entryx_refsource_BID
    Date Public
    2011-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:23:38.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20120105 CVE request: TORQUE Munge Authentication Security Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2012/01/05/1"
              },
              {
                "name": "47381",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47381"
              },
              {
                "name": "[oss-security] 20120105 Re: CVE request: TORQUE Munge Authentication Security Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2012/01/05/9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.adaptivecomputing.com/resources/docs/torque/3-0-3/changelog.php#259"
              },
              {
                "name": "51224",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-02-02T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20120105 CVE request: TORQUE Munge Authentication Security Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2012/01/05/1"
            },
            {
              "name": "47381",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47381"
            },
            {
              "name": "[oss-security] 20120105 Re: CVE request: TORQUE Munge Authentication Security Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2012/01/05/9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.adaptivecomputing.com/resources/docs/torque/3-0-3/changelog.php#259"
            },
            {
              "name": "51224",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51224"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4925",
        "datePublished": "2012-01-13T02:00:00.000Z",
        "dateReserved": "2011-12-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:23:38.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2907 (GCVE-0-2011-2907)

    Vulnerability from cvelistv5 – Published: 2011-08-15 19:00 – Updated: 2024-08-06 23:15
    VLAI
    Summary
    Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:15:31.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713090"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296"
              },
              {
                "name": "[torqueusers] 20110809 TORQUE authorization security vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html"
              },
              {
                "name": "49119",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49119"
              },
              {
                "name": "45524",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45524"
              },
              {
                "name": "torque-resource-manager-pbsohost-sec-bypass(69138)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69138"
              },
              {
                "name": "[oss-security] 20110810 CVE-2011-2907: authentication bypass in torque",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/11/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713090"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296"
            },
            {
              "name": "[torqueusers] 20110809 TORQUE authorization security vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html"
            },
            {
              "name": "49119",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49119"
            },
            {
              "name": "45524",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45524"
            },
            {
              "name": "torque-resource-manager-pbsohost-sec-bypass(69138)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69138"
            },
            {
              "name": "[oss-security] 20110810 CVE-2011-2907: authentication bypass in torque",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/11/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2907",
        "datePublished": "2011-08-15T19:00:00.000Z",
        "dateReserved": "2011-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:15:31.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2193 (GCVE-0-2011-2193)

    Vulnerability from cvelistv5 – Published: 2011-06-24 20:00 – Updated: 2024-08-06 22:53
    VLAI
    Summary
    Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.debian.org/security/2011/dsa-2329 vendor-advisoryx_refsource_DEBIAN
    http://www.clusterresources.com/downloads/torque/… x_refsource_CONFIRM
    http://secunia.com/advisories/45039 third-party-advisoryx_refsource_SECUNIA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/archive/1/518885/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/45040 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/8304 third-party-advisoryx_refsource_SREASON
    http://www.clusterresources.com/downloads/torque/… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/48374 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://bugzilla.redhat.com/show_bug.cgi?id=711463 x_refsource_CONFIRM
    Date Public
    2011-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:53:17.202Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2011-8117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html"
              },
              {
                "name": "DSA-2329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2329"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG"
              },
              {
                "name": "45039",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45039"
              },
              {
                "name": "FEDORA-2011-8072",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html"
              },
              {
                "name": "20110713 Torque Server Buffer Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/518885/100/0/threaded"
              },
              {
                "name": "45040",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45040"
              },
              {
                "name": "8304",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8304"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG"
              },
              {
                "name": "48374",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/48374"
              },
              {
                "name": "torque-hostnames-bo(68152)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68152"
              },
              {
                "name": "torque-jobnames-bo(68151)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68151"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=711463"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2011-8117",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html"
            },
            {
              "name": "DSA-2329",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2329"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG"
            },
            {
              "name": "45039",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45039"
            },
            {
              "name": "FEDORA-2011-8072",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html"
            },
            {
              "name": "20110713 Torque Server Buffer Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/518885/100/0/threaded"
            },
            {
              "name": "45040",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45040"
            },
            {
              "name": "8304",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8304"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG"
            },
            {
              "name": "48374",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/48374"
            },
            {
              "name": "torque-hostnames-bo(68152)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68152"
            },
            {
              "name": "torque-jobnames-bo(68151)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68151"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=711463"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-2193",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2011-8117",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html"
                },
                {
                  "name": "DSA-2329",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2329"
                },
                {
                  "name": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG",
                  "refsource": "CONFIRM",
                  "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG"
                },
                {
                  "name": "45039",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/45039"
                },
                {
                  "name": "FEDORA-2011-8072",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html"
                },
                {
                  "name": "20110713 Torque Server Buffer Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/518885/100/0/threaded"
                },
                {
                  "name": "45040",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/45040"
                },
                {
                  "name": "8304",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8304"
                },
                {
                  "name": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG",
                  "refsource": "CONFIRM",
                  "url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG"
                },
                {
                  "name": "48374",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/48374"
                },
                {
                  "name": "torque-hostnames-bo(68152)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68152"
                },
                {
                  "name": "torque-jobnames-bo(68151)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68151"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=711463",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=711463"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2193",
        "datePublished": "2011-06-24T20:00:00.000Z",
        "dateReserved": "2011-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:53:17.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }