CVE-2013-4495

The vulnerability CVE-2013-4495 affects TORQUE Resource Manager before 4.2.6, where the send_the_mail function in server/svr_mail.c allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M) switch to qsub. This is a remote, unauthenticated vector with high i...

CVE-2014-3684

CVE-2014-3684 affects the TORQUE Resource Manager (lib/Libifl/tm.c, tm_adopt) across 5.0.x, 4.5.x, 4.2.x and earlier. The root cause is that the owner of a process is not validated to also own the adopted session id, enabling remote authenticated users to kill arbitrary processes via a crafted ex...

CVE-2014-0749

CVE-2014-0749 is a stack-based buffer overflow in TORQUE Resource Manager 2.5.x up to 2.5.13 triggered while parsing the DIS network protocol, enabling remote code execution. Public disclosures and advisories describe an unauthenticated remote attacker exploiting a small buffer overflow to run ar...

CVE-2013-4319

CVE-2013-4319 affects TORQUE Resource Manager’s pbs_mom, where improper access control on unprivileged ports allows remote authenticated users to submit commands and execute arbitrary jobs. Affected versions include TORQUE 2.5.x, 4.x, and earlier. Root cause: failure to properly restrict access b...