Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 378805 (CVE-2011-2907) - <sys-cluster/torque-2.5.9 : Authentication Bypass Vulnerability (CVE-2011-2907)
Summary: <sys-cluster/torque-2.5.9 : Authentication Bypass Vulnerability (CVE-2011-2907)
Alias: CVE-2011-2907
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa]
Depends on:
Reported: 2011-08-11 16:45 UTC by Agostino Sarubbo
Modified: 2014-12-26 20:04 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-08-11 16:45:56 UTC
More info at $URL
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:44:23 UTC
CVE-2011-2907 (
  Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource
  Manager) 3.0.1 and earlier allows remote attackers to bypass host-based
  authentication and submit arbitrary jobs via a modified PBS_O_HOST variable
  to the qsub program.
Comment 2 Agostino Sarubbo gentoo-dev 2012-01-05 09:16:46 UTC
Upstream says that is fixed in 2.5.9
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2013-03-24 20:05:20 UTC
Related: Bug 390167
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-06-18 01:35:15 UTC
Added to existing GLSA Request
Comment 5 Justin Lecher (RETIRED) gentoo-dev 2014-09-18 11:56:47 UTC
All vulnerable versions gone, GLSA issued?
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-12-26 20:04:33 UTC
This issue was resolved and addressed in
 GLSA 201412-47 at
by GLSA coordinator Yury German (BlueKnight).