Vulnerability Details : CVE-2011-4925
Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors.
Products affected by CVE-2011-4925
- cpe:2.3:a:cluster_resources:torque_resource_manager:2.0.0p6:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.2.0p6:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.2.0p5:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.1.0p5:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.1.0p4:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.0.1p3:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.0.1p2:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:2.0.0p1:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:2.0.0p0:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.2.0p0:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.1.0p6:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.0.1p6:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.0.1p5:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.0.1p4:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:2.0.0p3:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:2.0.0p2:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.2.0p2:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.2.0p1:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.1.0p1:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.1.0p0:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:2.0.0p5:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:2.0.0p4:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.2.0p4:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.2.0p3:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.1.0p3:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.1.0p2:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.0.1p1:*:*:*:*:*:*:*
- cpe:2.3:a:cluster_resources:torque_resource_manager:1.0.1p0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.1.0p0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterresources:torque_resource_manager:2.5.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4925
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-4925
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N |
6.8
|
4.9
|
NIST |
CWE ids for CVE-2011-4925
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4925
-
http://openwall.com/lists/oss-security/2012/01/05/1
oss-security - CVE request: TORQUE Munge Authentication Security Bypass
-
http://www.adaptivecomputing.com/resources/docs/torque/3-0-3/changelog.php#259
Page not found
-
http://openwall.com/lists/oss-security/2012/01/05/9
oss-security - Re: CVE request: TORQUE Munge Authentication Security BypassPatch
-
http://secunia.com/advisories/47381
Sign inVendor Advisory
-
http://www.securityfocus.com/bid/51224
Torque Munge Authentication Bypass Vulnerability
Jump to