PRIOn knowledge basePRION:CVE-2014-3684Design/Logic Flaw
6.6 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
0.005 Low
EPSS
Percentile
75.9%
The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary processes via a crafted executable.
References
advisories.mageia.org/MGASA-2014-0408.html
openwall.com/lists/oss-security/2014/10/02/44
openwall.com/lists/oss-security/2014/10/02/45
secunia.com/advisories/61350
secunia.com/advisories/61960
www.debian.org/security/2014/dsa-3058
www.mandriva.com/security/advisories?name=MDVSA-2015:124
lists.fedoraproject.org/pipermail/package-announce/2015-May/159183.html
lists.fedoraproject.org/pipermail/package-announce/2015-May/159201.html
lists.fedoraproject.org/pipermail/package-announce/2015-May/159259.html
Related
6.6 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
0.005 Low
EPSS
Percentile
75.9%