BID:50939

Torque 'pbs_server' Authentication Bypass Vulnerability

Info

Torque 'pbs_server' Authentication Bypass Vulnerability

Bugtraq ID:	50939
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 06 2011 12:00AM
Updated:	May 07 2015 05:20PM
Credit:	Disclosed in Fedora security advisory.
Vulnerable:	Cluster Resources Torque 3.0.1 Cluster Resources Torque 3.0.2

Not Vulnerable:	Cluster Resources Torque 3.0.3

Discussion

Torque 'pbs_server' Authentication Bypass Vulnerability

Torque is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to impersonate other users present within the torque batch system. This may lead to further attacks.

Exploit / POC

Torque 'pbs_server' Authentication Bypass Vulnerability

An attacker can use readily available tools to exploit this issue.

Solution / Fix

Torque 'pbs_server' Authentication Bypass Vulnerability

Solution:
The vendor has released updates. Please see the references for details.

References

Torque 'pbs_server' Authentication Bypass Vulnerability

References:

TORQUE Homepage (Cluster Resources)