Torque versions 2.5.13 and below suffer from a buffer overflow vulnerability.
d70ac68760be26990412a9557c8ba8998fd61ae6ed3c065bbd16318b9e99b85aMandriva Linux Security Advisory 2015-124 - Chad Vizino reported that within a TORQUE Resource Manager job a non-root user could use a vulnerability in the tm_adopt() library call to kill processes he/she doesn't own including root-owned ones on any node in a job. This update implements the upstream fixes.
0b6cf337451bd08a3491d44990a5a552c523304d3702af295a7b53c842bd5444Gentoo Linux Security Advisory 201412-47 - Multiple vulnerabilities have been found in TORQUE Resource Manager, possibly resulting in escalation of privileges or remote code execution. Versions less than 4.1.7 are affected.
51a42e443e73a67f0e0416d7e5cd284c78b89ddef4d31e82cd485c179c0087a4Debian Linux Security Advisory 3058-1 - Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job.
794e6fcde2a5edb7fde588274221b91b4eb16325a3b27ba4ad68854d85168f41TORQUE Resource Manager versions 2.5.x through 2.5.13 suffer from a stack buffer overflow vulnerability.
01db40756d23f2ac4bcfe60e33e9ff8f16a701a683f0b663f33585f704651449Debian Linux Security Advisory 2936-1 - John Fitzpatrick from MWR Labs reported a stack-based buffer overflow vulnerability in torque, a PBS-derived batch processing queueing system. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges.
000e95af2d290953506bcada622442d6062842c424e774b0871880778600207bDebian Linux Security Advisory 2796-1 - Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system.
8c1ab3f9d4ec34b474a39b54a38613b2324aa25e984e9b49b4c99b5a3a39637fDebian Linux Security Advisory 2770-1 - John Fitzpatrick of MWR InfoSecurity discovered an authentication bypass vulnerability in torque, a PBS-derived batch processing queueing system.
f2fdcb75a9312ce5e54011beca4f9336ca38ab399b314819a73d184a1bd429b0Secunia Security Advisory - A vulnerability has been reported in TORQUE, which can be exploited by malicious users to bypass certain security restrictions.
0d0620b52fc6be45a55604fe59ddf6ca94d08cc71ef5952080a0913692365cd3Debian Linux Security Advisory 2329-1 - Bartlomiej Balcerek discovered several buffer overflows in torque server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names.
5f42437f7d36f6cd8bdb547930c295a44714e4c3fb860357704edd6e75e86fbfSecunia Security Advisory - Debian has issued an update for torque. This fixes two vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
1e11d6ea99c6064f81333e20e070414305a740305122bb042fbe6a11672eddccSecunia Security Advisory - A vulnerability has been reported in TORQUE Resource Manager, which can be exploited by malicious people to bypass certain security restrictions.
09a18adb762451157aaf7e193b7b3832b5e0f13d1ba889d3af0df1fa0e26f181Torque Server versions prior to 2.4.1.4 and 3.0.[0,1] suffer from a buffer overflow vulnerability.
d42dea2627d928ed2511106108e44d93bc90572f0feebc4a43a5e9fbfbcc8c7bSecunia Security Advisory - Fedora has issued an update for torque. This fixes two vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
22ccbc54d9f5c3f698329d38b5c9cc0f6ecd62a58c9020a199ddf6eb271949efSecunia Security Advisory - Two vulnerabilities have been reported in TORQUE Resource Manager, which can be exploited by malicious, local users to gain escalated privileges.
f3a322462ace22c414b7b0c0cc483632ac1a6cdfb473a2747000d9cd8453c156Secunia Security Advisory - Some vulnerabilities have been reported in Torque Game Engine, which can be exploited by malicious people to cause a DoS (Denial of Service).
5cfb5bb49db63212e504f4177d14cee68b4da8e3040df46dff706d5c7cbf9111Gentoo Linux Security Advisory GLSA 200611-14 - TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems with more permissive access rights to the spool directory are vulnerable. Versions less than 2.1.2-r2 are affected.
57a4cb9abde1537e010e1f32a644fab74c9c7131b1112d5d7e9bb24e423b86e9A paper discussing a race condition vulnerability in a software package called TORQUE Resource Manager.
8e3866e0319643aa29a9919eaa286e3471d96bfe045e873e7e743efd8891fb19
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed