
Bug 378805 (CVE-2011-2907)

Summary: <sys-cluster/torque-2.5.9 : Authentication Bypass Vulnerability (CVE-2011-2907)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: cluster, jsbronder
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2011-08-11 16:45:56 UTC
More info at $URL
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:44:23 UTC
CVE-2011-2907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2907):
  Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource
  Manager) 3.0.1 and earlier allows remote attackers to bypass host-based
  authentication and submit arbitrary jobs via a modified PBS_O_HOST variable
  to the qsub program.
Comment 2 Agostino Sarubbo gentoo-dev 2012-01-05 09:16:46 UTC
Upstream says that is fixed in 2.5.9
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2013-03-24 20:05:20 UTC
Related: Bug 390167
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-06-18 01:35:15 UTC
Added to existing GLSA Request
Comment 5 Justin Lecher (RETIRED) gentoo-dev 2014-09-18 11:56:47 UTC
All vulnerable versions gone, GLSA issued?
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-12-26 20:04:33 UTC
This issue was resolved and addressed in
 GLSA 201412-47 at http://security.gentoo.org/glsa/glsa-201412-47.xml
by GLSA coordinator Yury German (BlueKnight).