Vulnerability Details : CVE-2011-2193
Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff.
Vulnerability category: Overflow
Products affected by CVE-2011-2193
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.0p11:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:3.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2193
0.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2193
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.5
|
HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
6.8
|
10.0
|
NIST |
CWE ids for CVE-2011-2193
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2193
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/68151
TORQUE Resource Manager job names buffer overflow CVE-2011-2193 Vulnerability Report
-
http://www.debian.org/security/2011/dsa-2329
Debian -- Security Information -- DSA-2329-1 torque
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html
[SECURITY] Fedora 14 Update: torque-2.4.11-2.fc14
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/68152
TORQUE Resource Manager hostnames buffer overflow CVE-2011-2193 Vulnerability Report
-
http://www.securityfocus.com/archive/1/518885/100/0/threaded
SecurityFocus
-
http://www.securityfocus.com/bid/48374
torque 'job name' Argument Remote Buffer Overflow Vulnerability
-
http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG
Page not found
-
https://bugzilla.redhat.com/show_bug.cgi?id=711463
711463 – (CVE-2011-2193) CVE-2011-2193 Torque Server Buffer Overflow VulnerabilityPatch
-
http://securityreason.com/securityalert/8304
Torque Server Buffer Overflow Vulnerability - CXSecurity.com
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html
[SECURITY] Fedora 15 Update: torque-3.0.1-4.fc15
-
http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG
Page not found
Jump to