Multiple buffer overflows in Terascale Open-Source Resource and Queue
Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before
2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain
privileges via a long Job_Name field in a qsub command to the server, and
might allow (2) local users to gain privileges via vectors involving a long
host variable in pbs_iff.
#### Bugs
* <https://bugzilla.redhat.com/show_bug.cgi?id=711463>
{"fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "TORQUE (Tera-scale Open-source Resource and QUEue manager) is a resource manager providing control over batch jobs and distributed compute nodes. TORQUE is based on OpenPBS version 2.3.12 and incorporates scalability, fault tolerance, and feature extension patches provided by USC, NCSA, OSC, the U.S. Dept of Energy, Sandia, PNNL, U of Buffalo, TeraGrid, and many other leading edge HPC organizations. This package holds just a few shared files and directories. ", "cvss3": {}, "published": "2011-06-21T17:18:20", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: torque-2.4.11-2.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2193"], "modified": "2011-06-21T17:18:20", "id": "FEDORA:AC46C11157B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TA7XRGOXYQB7ULB22D4K24P5ESZBRQBD/", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "TORQUE (Tera-scale Open-source Resource and QUEue manager) is a resource manager providing control over batch jobs and distributed compute nodes. TORQUE is based on OpenPBS version 2.3.12 and incorporates scalability, fault tolerance, and feature extension patches provided by USC, NCSA, OSC, the U.S. Dept of Energy, Sandia, PNNL, U of Buffalo, TeraGrid, and many other leading edge HPC organizations. This package holds just a few shared files and directories. ", "cvss3": {}, "published": "2011-07-12T22:01:54", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: torque-3.0.1-4.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2193"], "modified": "2011-07-12T22:01:54", "id": "FEDORA:25E1710F987", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6T3F3ALNLVMIM3O2FBFGIWDZVGGHSYIQ/", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:34:26", "description": "This update fixes a buffer overflow that could allow for remote arbitrary code execution by a torque service. Credit to Bartlomiej Balcerek - CVE-2011-2193.\n\nWarning: Packages previous to torque-3.0.1-4.fc15 within Fedora 15 contained the empty file /var/lib/torque/server_priv/nodes . This file is a listing of the nodes within your torque cluster and as such it should survive intact with upgrades. This file has now been removed from the package with torque-3.0.1-4.fc15 but it is essential that you backup and restore this file before and then after installing torque-3.0.1-4.fc15.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-13T00:00:00", "type": "nessus", "title": "Fedora 15 : torque-3.0.1-4.fc15 (2011-8072)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2193"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:torque", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-8072.NASL", "href": "https://www.tenable.com/plugins/nessus/55578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8072.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55578);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2193\");\n script_bugtraq_id(48374);\n script_xref(name:\"FEDORA\", value:\"2011-8072\");\n\n script_name(english:\"Fedora 15 : torque-3.0.1-4.fc15 (2011-8072)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a buffer overflow that could allow for remote\narbitrary code execution by a torque service. Credit to Bartlomiej\nBalcerek - CVE-2011-2193.\n\nWarning: Packages previous to torque-3.0.1-4.fc15 within Fedora 15\ncontained the empty file /var/lib/torque/server_priv/nodes . This file\nis a listing of the nodes within your torque cluster and as such it\nshould survive intact with upgrades. This file has now been removed\nfrom the package with torque-3.0.1-4.fc15 but it is essential that you\nbackup and restore this file before and then after installing\ntorque-3.0.1-4.fc15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=711463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=716659\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05f7ad3c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected torque package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:torque\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"torque-3.0.1-4.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"torque\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:11", "description": "Bartlomiej Balcerek discovered several buffer overflows in TORQUE server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names.\n\nThe oldstable distribution (lenny) does not contain torque.", "cvss3": {}, "published": "2011-10-28T00:00:00", "type": "nessus", "title": "Debian DSA-2329-1 : torque - buffer overflow", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2193"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:torque", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2329.NASL", "href": "https://www.tenable.com/plugins/nessus/56662", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2329. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56662);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2193\");\n script_bugtraq_id(48374);\n script_xref(name:\"DSA\", value:\"2329\");\n\n script_name(english:\"Debian DSA-2329-1 : torque - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bartlomiej Balcerek discovered several buffer overflows in TORQUE\nserver, a PBS-derived batch processing server. This allows an attacker\nto crash the service or execute arbitrary code with privileges of the\nserver via crafted job or host names.\n\nThe oldstable distribution (lenny) does not contain torque.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/torque\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2329\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the torque packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.8+dfsg-9squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:torque\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libtorque2\", reference:\"2.4.8+dfsg-9squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtorque2-dev\", reference:\"2.4.8+dfsg-9squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"torque-client\", reference:\"2.4.8+dfsg-9squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"torque-client-x11\", reference:\"2.4.8+dfsg-9squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"torque-common\", reference:\"2.4.8+dfsg-9squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"torque-mom\", reference:\"2.4.8+dfsg-9squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"torque-pam\", reference:\"2.4.8+dfsg-9squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"torque-scheduler\", reference:\"2.4.8+dfsg-9squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"torque-server\", reference:\"2.4.8+dfsg-9squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:33:38", "description": "This update fixes a buffer overflow that could allow for remote arbitrary code execution by a torque service. Credit to Bartlomiej Balcerek - CVE-2011-2193.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-06-22T00:00:00", "type": "nessus", "title": "Fedora 14 : torque-2.4.11-2.fc14 (2011-8117)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2193"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:torque", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-8117.NASL", "href": "https://www.tenable.com/plugins/nessus/55394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8117.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55394);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2193\");\n script_xref(name:\"FEDORA\", value:\"2011-8117\");\n\n script_name(english:\"Fedora 14 : torque-2.4.11-2.fc14 (2011-8117)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a buffer overflow that could allow for remote\narbitrary code execution by a torque service. Credit to Bartlomiej\nBalcerek - CVE-2011-2193.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=711463\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00bb3c6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected torque package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:torque\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"torque-2.4.11-2.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"torque\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:41:58", "description": "The remote host is affected by the vulnerability described in GLSA-201412-47 (TORQUE Resource Manager: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in TORQUE Resource Manager. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-12-29T00:00:00", "type": "nessus", "title": "GLSA-201412-47 : TORQUE Resource Manager: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2193", "CVE-2011-2907", "CVE-2011-4925", "CVE-2013-4319", "CVE-2013-4495", "CVE-2014-0749"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:torque", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201412-47.NASL", "href": "https://www.tenable.com/plugins/nessus/80268", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-47.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80268);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2193\", \"CVE-2011-2907\", \"CVE-2011-4925\", \"CVE-2013-4319\", \"CVE-2013-4495\", \"CVE-2014-0749\");\n script_bugtraq_id(48374, 49119, 51224, 62273, 63722, 67420);\n script_xref(name:\"GLSA\", value:\"201412-47\");\n\n script_name(english:\"GLSA-201412-47 : TORQUE Resource Manager: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-47\n(TORQUE Resource Manager: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in TORQUE Resource\n Manager. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-47\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All TORQUE Resource Manager 4.x users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-cluster/torque-4.1.7'\n All TORQUE Resource Manager 2.x users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-cluster/torque-2.5.13'\n NOTE: One or more of the issues described in this advisory have been\n fixed in previous updates. They are included in this advisory for the\n sake of completeness. It is likely that your system is already no longer\n affected by them.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:torque\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-cluster/torque\", unaffected:make_list(\"ge 4.1.7\", \"rge 2.5.13\"), vulnerable:make_list(\"lt 4.1.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"TORQUE Resource Manager\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:55:21", "description": "Check for the Version of torque", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Fedora Update for torque FEDORA-2011-8072", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2193"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863359", "href": "http://plugins.openvas.org/nasl.php?oid=863359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for torque FEDORA-2011-8072\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"TORQUE (Tera-scale Open-source Resource and QUEue manager) is a resource\n manager providing control over batch jobs and distributed compute nodes.\n TORQUE is based on OpenPBS version 2.3.12 and incorporates scalability,\n fault tolerance, and feature extension patches provided by USC, NCSA, OSC,\n the U.S. Dept of Energy, Sandia, PNNL, U of Buffalo, TeraGrid, and many\n other leading edge HPC organizations.\n\n This package holds just a few shared files and directories.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"torque on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html\");\n script_id(863359);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-8072\");\n script_cve_id(\"CVE-2011-2193\");\n script_name(\"Fedora Update for torque FEDORA-2011-8072\");\n\n script_summary(\"Check for the Version of torque\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"torque\", rpm:\"torque~3.0.1~4.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:50", "description": "Check for the Version of torque", "cvss3": {}, "published": "2011-06-24T00:00:00", "type": "openvas", "title": "Fedora Update for torque FEDORA-2011-8117", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2193"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863293", "href": "http://plugins.openvas.org/nasl.php?oid=863293", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for torque FEDORA-2011-8117\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"TORQUE (Tera-scale Open-source Resource and QUEue manager) is a resource\n manager providing control over batch jobs and distributed compute nodes.\n TORQUE is based on OpenPBS version 2.3.12 and incorporates scalability,\n fault tolerance, and feature extension patches provided by USC, NCSA, OSC,\n the U.S. Dept of Energy, Sandia, PNNL, U of Buffalo, TeraGrid, and many\n other leading edge HPC organizations.\n\n This package holds just a few shared files and directories.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"torque on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html\");\n script_id(863293);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-24 16:46:35 +0200 (Fri, 24 Jun 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-8117\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2193\");\n script_name(\"Fedora Update for torque FEDORA-2011-8117\");\n\n script_summary(\"Check for the Version of torque\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"torque\", rpm:\"torque~2.4.11~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:51:06", "description": "The remote host is missing an update to torque\nannounced via advisory DSA 2329-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2329-1 (torque)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2193"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70544", "href": "http://plugins.openvas.org/nasl.php?oid=70544", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2329_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2329-1 (torque)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Bartlomiej Balcerek discovered several buffer overflows in torque server,\na PBS-derived batch processing server. This allows an attacker to crash the\nservice or execute arbitrary code with privileges of the server via crafted\njob or host names.\n\nThe oldstable distribution (lenny) does not contain torque.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.8+dfsg-9squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.4.15+dfsg-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.15+dfsg-1.\n\nWe recommend that you upgrade your torque packages.\";\ntag_summary = \"The remote host is missing an update to torque\nannounced via advisory DSA 2329-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202329-1\";\n\nif(description)\n{\n script_id(70544);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2193\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:26:55 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2329-1 (torque)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtorque2\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtorque2-dev\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-client\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-client-x11\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-common\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-mom\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-pam\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-scheduler\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-server\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtorque2\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtorque2-dev\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-client\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-client-x11\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-common\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-mom\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-pam\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-scheduler\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-server\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Fedora Update for torque FEDORA-2011-8072", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2193"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for torque FEDORA-2011-8072\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863359\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-8072\");\n script_cve_id(\"CVE-2011-2193\");\n script_name(\"Fedora Update for torque FEDORA-2011-8072\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'torque'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"torque on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"torque\", rpm:\"torque~3.0.1~4.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-06-24T00:00:00", "type": "openvas", "title": "Fedora Update for torque FEDORA-2011-8117", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2193"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863293", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863293", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for torque FEDORA-2011-8117\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863293\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-24 16:46:35 +0200 (Fri, 24 Jun 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-8117\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2193\");\n script_name(\"Fedora Update for torque FEDORA-2011-8117\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'torque'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"torque on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"torque\", rpm:\"torque~2.4.11~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:07", "description": "The remote host is missing an update to torque\nannounced via advisory DSA 2329-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2329-1 (torque)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2193"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070544", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070544", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2329_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2329-1 (torque)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70544\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2193\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:26:55 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2329-1 (torque)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202329-1\");\n script_tag(name:\"insight\", value:\"Bartlomiej Balcerek discovered several buffer overflows in torque server,\na PBS-derived batch processing server. This allows an attacker to crash the\nservice or execute arbitrary code with privileges of the server via crafted\njob or host names.\n\nThe oldstable distribution (lenny) does not contain torque.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.8+dfsg-9squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.4.15+dfsg-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.15+dfsg-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your torque packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to torque\nannounced via advisory DSA 2329-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtorque2\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtorque2-dev\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-client\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-client-x11\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-common\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-mom\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-pam\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-scheduler\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-server\", ver:\"2.4.8+dfsg-9squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtorque2\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtorque2-dev\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-client\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-client-x11\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-common\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-mom\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-pam\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-scheduler\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"torque-server\", ver:\"2.4.16+dfsg-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:08", "description": "Gentoo Linux Local Security Checks GLSA 201412-47", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-47", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4925", "CVE-2013-4319", "CVE-2011-2907", "CVE-2013-4495", "CVE-2014-0749", "CVE-2011-2193"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-47.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121333\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:24 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-47\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in TORQUE Resource Manager. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-47\");\n script_cve_id(\"CVE-2011-2193\", \"CVE-2011-2907\", \"CVE-2011-4925\", \"CVE-2013-4319\", \"CVE-2013-4495\", \"CVE-2014-0749\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-47\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"sys-cluster/torque\", unaffected: make_list(\"ge 4.1.7\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-cluster/torque\", unaffected: make_list(\"ge 2.5.13\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-cluster/torque\", unaffected: make_list(), vulnerable: make_list(\"lt 4.1.7\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-22T00:11:07", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-2329-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nOct 27th, 2011 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : torque\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nDebian bug : none\nCVE IDs : CVE-2011-2193\n\nBartlomiej Balcerek discovered several buffer overflows in torque server,\na PBS-derived batch processing server. This allows an attacker to crash the\nservice or execute arbitrary code with privileges of the server via crafted\njob or host names.\n\nThe oldstable distribution (lenny) does not contain torque.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.8+dfsg-9squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.4.15+dfsg-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.15+dfsg-1.\n\nWe recommend that you upgrade your torque packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-10-27T08:56:33", "type": "debian", "title": "[SECURITY] [DSA 2329-1] torque security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2193"], "modified": "2011-10-27T08:56:33", "id": "DEBIAN:DSA-2329-1:FF59E", "href": "https://lists.debian.org/debian-security-announce/2011/msg00205.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:13:57", "description": "Buffer overflow on oversized job name.", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "securityvulns", "title": "Torque Server buffer overflow", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2193"], "modified": "2011-07-18T00:00:00", "id": "SECURITYVULNS:VULN:11791", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11791", "sourceData": "", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "Name: Torque Server Buffer Overflow Vulnerability\r\nAuthor: Adam Zabrocki (<pi3@itsec.pl>)\r\n Bartlomiej Balcerek (<bartol@pwr.wroc.pl>)\r\n Maciej Kotowicz\r\n(<maciej.kotowicz@pwr.wroc.pl>)\r\nDate: March 27, 2011\r\nRisk: Moderate\r\nCVE: CVE-2011-2193\r\n\r\n\r\n Description:\r\n\r\nTORQUE Resource Manager provides control over batch jobs and distributed\r\ncomputing resources.\r\nIt is an advanced open-source product based on the original PBS project*\r\nand incorporates the\r\nbest of both community and professional development. It incorporates\r\nsignificant advances in\r\nthe areas of scalability, reliability, and functionality and is\r\ncurrently in use at tens of\r\nthousands of leading government, academic, and commercial sites\r\nthroughout the world. TORQUE\r\nmay be freely used, modified, and distributed under the constraints of\r\nthe included license.\r\n\r\nTORQUE is commonly used in most of the GRID projects including WLCG,\r\nEGEE, etc.\r\n\r\n\r\n Details:\r\n\r\nA buffer overflow vulnerability has been found in the Torque server.\r\nThis was\r\nreported to the EGI SVG (RT 1870) as well as to the Torque software\r\nproviders. \r\n\r\nThis has been fixed by the Torque Providers, and an updated version is\r\nalso\r\navailable in EPEL.\r\n\r\nTorque server does not check the length of "job name" argument before\r\nusing it - this string is verified only on the client side. It is\r\npossible to use modified Torque client or DRMAA interface to submit job\r\nwith arbitrary chosen job name in terms of length and content. Thus, it\r\nis possible to attacker to overflow buffer and overwrite some Torque\r\nserver process internal data causing its specific behavior.\r\n\r\nWhat can be overwritten is log_buffer global string array and\r\nall next symbols:\r\n\r\n0000000000734b00 B log_buffer\r\n0000000000738b00 B msg_registerrel\r\n0000000000738b08 B msg_manager\r\n0000000000738b10 B msg_startup1\r\n0000000000738b18 B msg_momnoexec1\r\n0000000000738b20 B msg_man_uns\r\n0000000000738b28 B msg_sched_nocall\r\n0000000000738b30 B msg_issuebad\r\n0000000000738b38 B stdout@@GLIBC_2.2.5\r\n0000000000738b40 B msg_job_end_stat\r\n0000000000738b48 b dtor_idx.6147\r\n0000000000738b50 b completed.6145\r\n0000000000738b58 b acct_opened\r\n0000000000738b5c b acct_auto_switch\r\n0000000000738b60 b acctfile\r\n0000000000738b68 b acct_opened_day\r\n0000000000738b70 b spaceused\r\n0000000000738b78 b spaceavail\r\n0000000000738b80 b username.6360\r\n0000000000738bc0 b groupname.6402\r\n\r\n\r\nHere is example how to submit the crafted job:\r\n\r\n[bartol@bartek_torque torque-mod]$ echo /bin/date | ./src/cmds/qsub -Z\r\n"Job_Name=`perl -e 'print "A"x16350'`"\r\n\r\nIt is possible now to see in debugger that structures adjacent to\r\nlog_buffer are overwritten with "A" chars (encoded as 0x41 numbers):\r\n\r\nProgram received signal SIGINT, Interrupt.\r\n0x00000033550cd323 in __select_nocancel () from /lib64/libc.so.6\r\n(gdb) x/20x 0x0000000000738b00\r\n0x738b00 <msg_registerrel>: 0x4141414141414141\r\n0x4141414141414141\r\n0x738b10 <msg_startup1>: 0x4141414141414141\r\n0x4141414141414141\r\n0x738b20 <msg_man_uns>: 0x4141414141414141 0x4141414141414141\r\n\r\nThe overflow occurs in the following code:\r\n\r\n1560 sprintf(log_buffer, msg_jobnew,\r\n1561 preq->rq_user, preq->rq_host,\r\n1562 pj->ji_wattr[(int)JOB_ATR_job_owner].at_val.at_str,\r\n1563 pj->ji_wattr[(int)JOB_ATR_jobname].at_val.at_str,\r\n1564 pj->ji_qhdr->qu_qs.qu_name);\r\n\r\n\r\nWe proved that server crash is easily possible (including database\r\ndamage) and we think privilege escalation can be done with some more\r\neffort as well, but the latter is strongly dependable on particular\r\nbuild flags and architecture.\r\n\r\nThe overflow is also possible in pbs_iff setuid binary, since the "host"\r\nvariable length is not checked:\r\n\r\n sprintf(log_buffer,"cannot resolve IP address for host '%s'\r\nherror=%d: %s",\r\n hostname, /*1*/\r\n h_errno,\r\n hstrerror(h_errno));\r\n\r\n\r\n Affected Software:\r\n\r\nVersions of Torque prior to Torque 2.4.14 and also Torque 3.0.[0,1]\r\n\r\n\r\n References:\r\n\r\nCVE assignment:\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2193\r\n\r\nRH bug:\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=711463\r\n\r\nRH release for SL5:\r\nhttps://admin.fedoraproject.org/updates/torque-2.3.13-2.el5\r\n\r\n\r\nCluster resources ref. \r\nhttp://www.clusterresources.com/pipermail/torqueusers/2011-June/012982.html\r\n\r\n\r\n Timeline:\r\n\r\nYyyy-mm-dd\r\n\r\n2011-05-10 Vulnerability reported to EGI SVG by Bartlomiej Balcerek, in\r\naddition to reporting to\r\n software providers\r\n2011-05-10 Acknowledgement from the EGI SVG to the reporter\r\n2011-06-06 Software provider states issue fixed \r\n2011-06-07 Bug subitted in RH EPEL, as EGI mostly uses EPEL distribution\r\n2011-06-22 Updated packages formally released in EPEL\r\n2011-06-24 Public disclosure by the EGI SVG\r\n\r\n--\r\nhttp://pi3.com.pl\r\n", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "securityvulns", "title": "Torque Server Buffer Overflow Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2193"], "modified": "2011-07-18T00:00:00", "id": "SECURITYVULNS:DOC:26654", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26654", "sourceData": "", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osv": [{"lastseen": "2022-08-10T07:08:50", "description": "\nBartlomiej Balcerek discovered several buffer overflows in TORQUE server,\na PBS-derived batch processing server. This allows an attacker to crash the\nservice or execute arbitrary code with privileges of the server via crafted\njob or host names.\n\n\nThe oldstable distribution (lenny) does not contain torque.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.8+dfsg-9squeeze1.\n\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.4.15+dfsg-1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.15+dfsg-1.\n\n\nWe recommend that you upgrade your torque packages.\n\n\n", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "osv", "title": "torque - buffer overflow", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2193"], "modified": "2022-08-10T07:08:47", "id": "OSV:DSA-2329-1", "href": "https://osv.dev/vulnerability/DSA-2329-1", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-02-09T14:52:36", "description": "Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff.", "cvss3": {}, "published": "2011-06-24T20:55:00", "type": "cve", "title": "CVE-2011-2193", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2193"], "modified": "2018-10-09T19:32:00", "cpe": ["cpe:/a:clusterresources:torque_resource_manager:2.3.7", "cpe:/a:clusterresources:torque_resource_manager:2.5.4", "cpe:/a:clusterresources:torque_resource_manager:2.3.2", "cpe:/a:clusterresources:torque_resource_manager:2.3.3", "cpe:/a:clusterresources:torque_resource_manager:2.3.8", "cpe:/a:clusterresources:torque_resource_manager:2.1.10", "cpe:/a:clusterresources:torque_resource_manager:2.3.5", "cpe:/a:clusterresources:torque_resource_manager:2.4.11", "cpe:/a:clusterresources:torque_resource_manager:2.3.11", "cpe:/a:clusterresources:torque_resource_manager:2.3.9", "cpe:/a:clusterresources:torque_resource_manager:2.4.12", "cpe:/a:clusterresources:torque_resource_manager:2.5.0", "cpe:/a:clusterresources:torque_resource_manager:2.2.1", "cpe:/a:clusterresources:torque_resource_manager:2.3.13", "cpe:/a:clusterresources:torque_resource_manager:2.3.0", "cpe:/a:clusterresources:torque_resource_manager:2.1.0p11", "cpe:/a:clusterresources:torque_resource_manager:2.3.4", "cpe:/a:clusterresources:torque_resource_manager:2.1.1", "cpe:/a:clusterresources:torque_resource_manager:2.5.1", "cpe:/a:clusterresources:torque_resource_manager:2.4.5", "cpe:/a:clusterresources:torque_resource_manager:2.4.3", "cpe:/a:clusterresources:torque_resource_manager:2.1.7", "cpe:/a:clusterresources:torque_resource_manager:2.4.9", "cpe:/a:clusterresources:torque_resource_manager:2.1.8", "cpe:/a:clusterresources:torque_resource_manager:2.5.2", "cpe:/a:clusterresources:torque_resource_manager:2.4.13", "cpe:/a:clusterresources:torque_resource_manager:2.3.6", "cpe:/a:clusterresources:torque_resource_manager:2.1.9", "cpe:/a:clusterresources:torque_resource_manager:2.4.6", "cpe:/a:clusterresources:torque_resource_manager:2.4.8", "cpe:/a:clusterresources:torque_resource_manager:2.5.3", "cpe:/a:clusterresources:torque_resource_manager:2.5.5", "cpe:/a:clusterresources:torque_resource_manager:2.4.2", "cpe:/a:clusterresources:torque_resource_manager:2.4.7", "cpe:/a:clusterresources:torque_resource_manager:2.3.1", "cpe:/a:clusterresources:torque_resource_manager:2.1.6", "cpe:/a:clusterresources:torque_resource_manager:2.1.3", "cpe:/a:clusterresources:torque_resource_manager:2.1.2", "cpe:/a:clusterresources:torque_resource_manager:2.4.10", "cpe:/a:clusterresources:torque_resource_manager:2.4.4", "cpe:/a:clusterresources:torque_resource_manager:2.3.10", "cpe:/a:clusterresources:torque_resource_manager:2.3.12", "cpe:/a:clusterresources:torque_resource_manager:2.1.11", "cpe:/a:clusterresources:torque_resource_manager:2.1.0", "cpe:/a:clusterresources:torque_resource_manager:3.0.1", "cpe:/a:clusterresources:torque_resource_manager:3.0.0"], "id": "CVE-2011-2193", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2193", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:clusterresources:torque_resource_manager:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.0p11:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:clusterresources:torque_resource_manager:2.3.3:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2022-01-17T19:07:14", "description": "### Background\n\nTORQUE is a resource manager and queuing system based on OpenPBS.\n\n### Description\n\nMultiple vulnerabilities have been discovered in TORQUE Resource Manager. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll TORQUE Resource Manager 4.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-cluster/torque-4.1.7\"\n \n\nAll TORQUE Resource Manager 2.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-cluster/torque-2.5.13\"\n \n\nNOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.", "cvss3": {}, "published": "2014-12-26T00:00:00", "type": "gentoo", "title": "TORQUE Resource Manager: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2193", "CVE-2011-2907", "CVE-2011-4925", "CVE-2013-4319", "CVE-2013-4495", "CVE-2014-0749"], "modified": "2014-12-26T00:00:00", "id": "GLSA-201412-47", "href": "https://security.gentoo.org/glsa/201412-47", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
CVE-2011-2193
