Bug 1026910 - (CVE-2013-4495) CVE-2013-4495 torque: arbitrary code execution via job submission
Product: Security Response
Classification: Other
Component: vulnerability
Hardware/OS: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
Depends On: 1029752 1029754
Blocks: 1026918
Reported: 2013-11-05 10:56 EST by Vincent Danen
Modified: 2015-08-24 12:02 EDT (History)
Fixed In Version: torque 4.2.6
Doc Type: Bug Fix

Description Vincent Danen 2013-11-05 10:56:09 EST
The TORQUE pbs_server daemon was found to pass some user-input data to popen() in order to send an email.  Because pbs_server runs as root, this could allow an authenticated attacker to execute arbitrary code on the pbs_server host with root privileges.

The upstream 4.2.6 release corrects this flaw by forking and calling exec() to the sendmail program instead of passing the entire user-supplied string to popen().


Red Hat would like to thank David Beer of Adaptive Computer for reporting this issue.  Upstream acknowledges Matt Ezell of Oak Ridge National Labs as the original reporter.
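As an added illustration (not code from the torque project or from this bug report), the two shapes the description contrasts: a recipient string spliced into a popen() command line, and the fork/exec form of the 4.2.6 fix that hands the recipient to the mailer as a single argv element. The sendmail path, the use of /bin/echo as a stand-in mailer, and the function names are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable shape described in the bug: the user-controlled recipient is spliced
 * into a popen() command line, so /bin/sh parses any metacharacters in it with
 * the daemon's privileges. Shown for contrast only; never called here. */
FILE *mail_via_popen(const char *recipient) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "/usr/sbin/sendmail %s", recipient); /* assumed path */
    return popen(cmd, "w");
}

/* Hardened shape of the 4.2.6 fix: fork, then execv() the mailer with the recipient
 * as a single argv element, so no shell interprets it. Capturing the child's stdout
 * into `out` is only so the behaviour can be checked. Returns bytes read, -1 on error. */
ssize_t mail_via_exec(const char *mailer, const char *recipient,
                      char *out, size_t outlen) {
    int fds[2], status;
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                      /* child: stdout -> pipe, then exec */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        char *argv[] = { (char *)mailer, (char *)recipient, NULL };
        execv(mailer, argv);             /* argv[1] reaches the mailer verbatim */
        _exit(127);
    }
    close(fds[1]);                       /* parent: drain the pipe, reap the child */
    size_t n = 0;
    ssize_t r;
    while (n + 1 < outlen && (r = read(fds[0], out + n, outlen - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status))
        return -1;
    return (ssize_t)n;
}
/* Check: with /bin/echo standing in for sendmail, a recipient carrying shell
 * syntax (constructed sample) must come back unexpanded. Returns 1 if so. */
int exec_keeps_recipient_literal(void) {
    char buf[128];
    return mail_via_exec("/bin/echo", "alice@example.com $(hostname)", buf, sizeof buf) > 0
        && strcmp(buf, "alice@example.com $(hostname)\n") == 0;
}
```

The same recipient string handed to mail_via_popen() would be expanded by /bin/sh before sendmail ever saw it, which is the behaviour the bug describes.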
Comment 2 Kurt Seifried 2013-11-13 01:23:00 EST
Created torque tracking bugs for this issue:

Affects: fedora-all [bug 1029752]
Affects: epel-all [bug 1029754]
