Lucene search
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2329.NASLHistoryOct 28, 2011 - 12:00 a.m.
Debian DSA-2329-1 : torque - buffer overflow
2011-10-2800:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
Bartlomiej Balcerek discovered several buffer overflows in TORQUE server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names.
The oldstable distribution (lenny) does not contain torque.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2329. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(56662);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2011-2193");
script_bugtraq_id(48374);
script_xref(name:"DSA", value:"2329");
script_name(english:"Debian DSA-2329-1 : torque - buffer overflow");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Bartlomiej Balcerek discovered several buffer overflows in TORQUE
server, a PBS-derived batch processing server. This allows an attacker
to crash the service or execute arbitrary code with privileges of the
server via crafted job or host names.
The oldstable distribution (lenny) does not contain torque."
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/squeeze/torque"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2011/dsa-2329"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the torque packages.
For the stable distribution (squeeze), this problem has been fixed in
version 2.4.8+dfsg-9squeeze1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:torque");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
script_set_attribute(attribute:"patch_publication_date", value:"2011/10/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/28");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"6.0", prefix:"libtorque2", reference:"2.4.8+dfsg-9squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"libtorque2-dev", reference:"2.4.8+dfsg-9squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"torque-client", reference:"2.4.8+dfsg-9squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"torque-client-x11", reference:"2.4.8+dfsg-9squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"torque-common", reference:"2.4.8+dfsg-9squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"torque-mom", reference:"2.4.8+dfsg-9squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"torque-pam", reference:"2.4.8+dfsg-9squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"torque-scheduler", reference:"2.4.8+dfsg-9squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"torque-server", reference:"2.4.8+dfsg-9squeeze1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | torque | p-cpe:/a:debian:debian_linux:torque |
| debian | debian_linux | 6.0 | cpe:/o:debian:debian_linux:6.0 |
Related
nessus
nessus
Fedora 14 : torque-2.4.11-2.fc14 (2011-8117)
2011-06-22 00:00:00
Fedora 15 : torque-3.0.1-4.fc15 (2011-8072)
2011-07-13 00:00:00
GLSA-201412-47 : TORQUE Resource Manager: Multiple vulnerabilities
2014-12-29 00:00:00
cve
cve
CVE-2011-2193
2011-06-24 20:55:00
openvas
openvas
Fedora Update for torque FEDORA-2011-8117
2011-06-24 00:00:00
Fedora Update for torque FEDORA-2011-8072
2011-07-18 00:00:00
Debian Security Advisory DSA 2329-1 (torque)
2012-02-11 00:00:00
prion
prion
Buffer overflow
2011-06-24 20:55:00
fedora
fedora
[SECURITY] Fedora 14 Update: torque-2.4.11-2.fc14
2011-06-21 17:18:20
[SECURITY] Fedora 15 Update: torque-3.0.1-4.fc15
2011-07-12 22:01:54
securityvulns
securityvulns
Torque Server Buffer Overflow Vulnerability
2011-07-18 00:00:00
Torque Server buffer overflow
2011-07-18 00:00:00
debian
debian
[SECURITY] [DSA 2329-1] torque security update
2011-10-27 08:56:33
ubuntucve
ubuntucve
CVE-2011-2193
2011-06-24 00:00:00
gentoo
gentoo
TORQUE Resource Manager: Multiple vulnerabilities
2014-12-26 00:00:00
Related for DEBIAN_DSA-2329.NASL