DSA-2796-1 torque -- arbitrary code executionID: oval:org.secpod.oval:def:601145 | Date: (C)2014-01-08 (M)2022-10-10 |
Class: PATCH | Family: unix |
Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system. A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server.
Platform: |
Debian 7.0 |
Debian 6.0 |