[torqueusers] [torquedev] TORQUE authorization security vulnerability

Steve Traylen steve.traylen at cern.ch
Wed Aug 10 11:17:08 MDT 2011


On Tue, Aug 9, 2011 at 9:43 PM, Ken Nielson
<knielson at adaptivecomputing.com> wrote:
> I do not know how wide spread this is but there is a security vulnerability in the TORQUE authorization between client and server when using the default authorization method. Using MUNGE closes this hole but we would like to add an additional, more universal secure authorization method.
>

CVE-2011-2907

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2907

has now been reserved for this security vulnerability. Nothing to
actually see there
yet.

Steve.




-- 
Steve Traylen


More information about the torqueusers mailing list