CVE-2013-4319

Name: CVE-2013-4319
Description: pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-2770-1
NVD severity: high (attack range: remote)
Debian Bugs: 722306
Debian/oldoldstable: not vulnerable.
Debian/oldstable: not vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

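| Source Package | Release | Version | Status |
|---|---|---|---|
| torque (PTS) | squeeze, squeeze (security) | 2.4.8+dfsg-9squeeze4 | fixed |
| torque (PTS) | squeeze (lts) | 2.4.8+dfsg-9squeeze5 | fixed |
| torque (PTS) | wheezy (security), wheezy | 2.4.16+dfsg-1+deb7u4 | fixed |
| torque (PTS) | sid | 2.4.16+dfsg-1.5 | fixed |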

The information below is based on the following data on fixed versions.

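| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| torque | source | (unstable) | 2.4.16+dfsg-1.1 | high | | 722306 |
| torque | source | squeeze | 2.4.8+dfsg-9squeeze2 | high | DSA-2770-1 | |
| torque | source | wheezy | 2.4.16+dfsg-1+deb7u1 | high | DSA-2770-1 | |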

Notes

http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
