More info at $URL
Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource
Manager) 3.0.1 and earlier allows remote attackers to bypass host-based
authentication and submit arbitrary jobs via a modified PBS_O_HOST variable
to the qsub program.
Upstream says that is fixed in 2.5.9
Related: Bug 390167
Added to existing GLSA Request
All vulnerable versions gone, GLSA issued?
This issue was resolved and addressed in
GLSA 201412-47 at http://security.gentoo.org/glsa/glsa-201412-47.xml
by GLSA coordinator Yury German (BlueKnight).