BugTraq
[SECURITY] [DSA 2796-1] torque security update Nov 13 2013 07:31PM
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2796-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
November 13, 2013 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
-

Package : torque
Vulnerability : arbitrary code execution
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-4495
Debian Bug : 729333

Matt Ezell from Oak Ridge National Labs reported a vulnerability in
torque, a PBS-derived batch processing queueing system.

A user could submit executable shell commands on the tail of what is
passed with the -M switch for qsub. This was later passed to a pipe,
making it possible for these commands to be executed as root on the
pbs_server.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.4.8+dfsg-9squeeze3.

For the stable distribution (wheezy), this problem has been fixed in
version 2.4.16+dfsg-1+deb7u2.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.16+dfsg-1.3.

We recommend that you upgrade your torque packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCgAGBQJSg9JgAAoJEAVMuPMTQ89EqOIP/Au7xN2tw30qBBOtnlyDxonv
Dqn5FxfAyxvsrBuD4uB4wOELNR8UiqHn1xWcRBLHTP5DJonhAHMH3VeCFJIjfj0a
vUcnzu0SnChvrT1OaZEF7M7RzOzT03ylSKwA5ED6U7ZuXOPqWPSXI+hzDhjLuThf
S6hrw4yAc9RI6uoMQIK5HHbPf8EwjhO+ep/cXPH7KizCw64xdpqBrkEqNvPS851C
m7CjfiGp2nOMLcdr0MUA62P/tRn9PYcCrNLcVge+2TXAtZ4gWctCxd3iud4R8Abt
EYnzv8uckW1/yhTyd4l2wc5U34Xbf6O6ZbuQwt9ZzF/s4XNCaX26BLcwTNWYYOmy
+YnRW+QqBsiTXIS3W2uTW9w93iwgkP7t087tZx6enllxplqkkI8GNX7bWNXA2lcY
iQuCLfxzsNYkhNiGkuf4NgglUbcMEw4D8V4vuHoTAVSwemLLY2ghkwSCLW1ZUHTb
wI0gDJPSFp10Z3CORSHJghFX5LH25HgrKDJ4S0Waz5WjBRT21r4Li/bsYHGOMht2
jAyQ3H1Ahfk4KK/IKu5V/q6UoYMtX5On2ozCfTdUa/fLvvQHzDj6zHLmWa+ob3Xg
yH+T0Fsj+laxky1N+QeYnN2uMPiAsxKsR1RLvoZk2dniStdldkwR37Pmv9jlFjnf
RFqk8VMbBlX9kb5qxPdq
=z3T1
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus