[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-3684Date: (C)2014-10-30   (M)2023-12-22


The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary processes via a crafted executable.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.0
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECUNIA-61350
SECUNIA-61960
DSA-3058
FEDORA-2015-8544
FEDORA-2015-8571
FEDORA-2015-8577
MDVSA-2015:124
http://openwall.com/lists/oss-security/2014/10/02/44
http://openwall.com/lists/oss-security/2014/10/02/45
http://advisories.mageia.org/MGASA-2014-0408.html

CPE    11
cpe:/a:adaptivecomputing:torque_resource_manager:4.2.4.1
cpe:/a:adaptivecomputing:torque_resource_manager:4.2.3.1
cpe:/a:adaptivecomputing:torque_resource_manager:4.2.6.1
cpe:/a:adaptivecomputing:torque_resource_manager:4.2.9
...
CWE    1
CWE-264
OVAL    4
oval:org.secpod.oval:def:109137
oval:org.secpod.oval:def:109148
oval:org.secpod.oval:def:601817
oval:org.secpod.oval:def:109124
...

© SecPod Technologies