Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 378805 (CVE-2011-2907) - <sys-cluster/torque-2.5.9 : Authentication Bypass Vulnerability (CVE-2011-2907)
Summary: <sys-cluster/torque-2.5.9 : Authentication Bypass Vulnerability (CVE-2011-2907)
Status: RESOLVED FIXED
Alias: CVE-2011-2907
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://www.clusterresources.com/piper...
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-11 16:45 UTC by Agostino Sarubbo
Modified: 2014-12-26 20:04 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-08-11 16:45:56 UTC 
More info at $URL
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:44:23 UTC 
CVE-2011-2907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2907):
  Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource
  Manager) 3.0.1 and earlier allows remote attackers to bypass host-based
  authentication and submit arbitrary jobs via a modified PBS_O_HOST variable
  to the qsub program.
Comment 2 Agostino Sarubbo gentoo-dev 2012-01-05 09:16:46 UTC 
Upstream says that is fixed in 2.5.9
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2013-03-24 20:05:20 UTC 
Related: Bug 390167
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-06-18 01:35:15 UTC 
Added to existing GLSA Request
Comment 5 Justin Lecher (RETIRED) gentoo-dev 2014-09-18 11:56:47 UTC 
All vulnerable versions gone, GLSA issued?
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-12-26 20:04:33 UTC 
This issue was resolved and addressed in
 GLSA 201412-47 at http://security.gentoo.org/glsa/glsa-201412-47.xml
by GLSA coordinator Yury German (BlueKnight).