Vulnerability Details : CVE-2011-2907
Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2011-2907
- cpe:2.3:a:clusterresources:torque_resource_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.0p11:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:3.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2907
- EPSS score: 1.80% (probability of exploitation activity in the next 30 days)
- Percentile: ~88% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-2907
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2011-2907
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2907
- http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html
  [torqueusers] [torquedev] TORQUE authorization security vulnerability
- https://bugzilla.redhat.com/show_bug.cgi?id=713090
  713090 – (CVE-2011-2907) CVE-2011-2907 torque: Authorization Bypass Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69138
  TORQUE Resource Manager PBS_O_HOST security bypass CVE-2011-2907 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2011/08/11/1
  oss-security - CVE-2011-2907: authentication bypass in torque
- https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296
  SVG:Advisory-SVG-2011-2296 - EGIWiki
- http://www.securityfocus.com/bid/49119
  Torque Server Security Bypass Vulnerability