Lucene search

K
mageiaGentoo FoundationMGASA-2013-0327
HistoryNov 18, 2013 - 6:41 p.m.

Updated torque packages fix CVE-2013-4495

2013-11-1818:41:45
Gentoo Foundation
advisories.mageia.org
7

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.016 Low

EPSS

Percentile

87.0%

Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server (CVE-2013-4495).

OSVersionArchitecturePackageVersionFilename
Mageia2noarchtorque< 2.5.12-1.2torque-2.5.12-1.2.mga2
Mageia3noarchtorque< 4.1.5.1-1.2torque-4.1.5.1-1.2.mga3

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.016 Low

EPSS

Percentile

87.0%

Related for MGASA-2013-0327