Detections
Analytics

Debian DSA-2329-1 : torque - buffer overflow

high Nessus Plugin ID 56662

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Bartlomiej Balcerek discovered several buffer overflows in TORQUE server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names.

The oldstable distribution (lenny) does not contain torque.

Solution

Upgrade the torque packages.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.8+dfsg-9squeeze1.

See Also

https://packages.debian.org/source/squeeze/torque

https://www.debian.org/security/2011/dsa-2329

Plugin Details

Severity: High

ID: 56662

File Name: debian_DSA-2329.nasl

Version: 1.10

Type: local

Agent: unix

Published: 10/28/2011

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:torque, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 10/27/2011

Reference Information

CVE: CVE-2011-2193

BID: 48374

DSA: 2329