15 matches found
EUVD-2013-4208
Malware in sbrugna...
CVE-2019-15719
Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbsmom, which fails to properly authenticate the message. This results in code execution as an arbitrary user...
PBS Professional 19.2.3 Authentication Bypass
=========================================================== PBS Professional MoM Authentication Bypass CVE-2019-15719 =========================================================== Software: PBS Professional Affected Versions: All versions up to and including 19.2.3 Vendor: Altair Engineering, Inc C...
torque authentication bypass
It's possible to queue code execution by connecting directly to pbsmom port. Shell characters vulnerability...
Mandriva Linux Security Advisory : torque (MDVSA-2013:252)
Updated torque package fixes security vulnerability : A non-priviledged user who was able to run jobs or login to a node which ran pbsserver or pbsmom, could submit arbitrary jobs to a pbsmom daemon to queue and run the job, which would run as root CVE-2013-4319. %NASLMINLEVEL 70300 C Tenable...
Command injection
pbsmom in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command...
CVE-2013-4319
pbsmom in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command...
CVE-2013-4319
CVE-2013-4319 affects TORQUE Resource Manager’s pbs_mom, where improper access control on unprivileged ports allows remote authenticated users to submit commands and execute arbitrary jobs. Affected versions include TORQUE 2.5.x, 4.x, and earlier. Root cause: failure to properly restrict access b...
CVE-2013-4319
pbsmom in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command...
Debian DSA-2770-1 : torque - authentication bypass
John Fitzpatrick of MWR InfoSecurity discovered an authentication bypass vulnerability in torque, a PBS-derived batch processing queueing system. The torque authentication model revolves around the use of privileged ports. If a request is not made from a privileged port then it is assumed not to ...
[SECURITY] [DSA 2770-1] torque security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2770-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 09, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2770-1 (torque - authentication bypass)
John Fitzpatrick of MWR InfoSecurity discovered an authentication bypass vulnerability in torque, a PBS-derived batch processing queueing system. The torque authentication model revolves around the use of privileged ports. If a request is not made from a privileged port then it is assumed not to ...
PBS Pro race condition vulnerability
Application: PBS Pro part od PBS Works by Altair Engineering Affected version: 10.4 OS: Linux/UNIX CVE ID: pending Class: temporary file creation race condition Remote: no Threat: destroy arbitrary choosen file of other user Discovered: 02.02.2010 Discovered by: Bartlomiej Balcerek Background: PB...
CVE-2006-5677
resmom/startexec.c in pbsmom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on 1 a job output file in /usr/spool/PBS/spool and possibly 2 a job file in /usr/spool/PBS/mompriv/jobs...
CVE-2006-5677
The CVE-2006-5677 issue affects TORQUE Resource Manager, specifically resmom/start_exec.c in pbs_mom (versions up to 2.0.0p8). A local user can exploit a symlink attack to create arbitrary files in /usr/spool/PBS/spool (and possibly /usr/spool/PBS/mom_priv/jobs), enabling potential arbitrary file...