Fedora 15 : torque-3.0.1-4.fc15 (2011-8072)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

This update fixes a buffer overflow that could allow for remote
arbitrary code execution by a torque service. Credit to Bartlomiej
Balcerek - CVE-2011-2193.

Warning: Packages previous to torque-3.0.1-4.fc15 within Fedora 15
contained the empty file /var/lib/torque/server_priv/nodes . This file
is a listing of the nodes within your torque cluster and as such it
should survive intact with upgrades. This file has now been removed
from the package with torque-3.0.1-4.fc15 but it is essential that you
backup and restore this file before and then after installing
torque-3.0.1-4.fc15.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=711463
https://bugzilla.redhat.com/show_bug.cgi?id=713996
https://bugzilla.redhat.com/show_bug.cgi?id=716659
http://www.nessus.org/u?05f7ad3c

Solution :

Update the affected torque package.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 55578 ()

Bugtraq ID: 48374

CVE ID: CVE-2011-2193

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now