[torqueusers] CVE-2013-4495

David Beer dbeer at adaptivecomputing.com
Wed Nov 13 10:52:39 MST 2013


All,

We'd like to announce the fixing of CVE-2013-4495. This security hole has
to do with users submitting executable bash commands on the tail of what is
passed with the -M switch for qsub. This was later passed to a pipe, making
it possible for these commands to executed. This has been resolved with the
release of 4.2.6, and we recommend patching pbs_server or upgrading
immediately.

For those not able to upgrade, here are the relevant changesets:
4.1: 2aad72c3d2ac612ecbb66828ac6ed5ab51eff5f3
2.5: 8246d96
2.4: attached to this email

Please contact me or reply to this email with any questions.

-- 
David Beer | Senior Software Engineer
Adaptive Computing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.supercluster.org/pipermail/torqueusers/attachments/20131113/bbd6c305/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 24mail_secure.patch
Type: text/x-patch
Size: 9935 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20131113/bbd6c305/attachment-0001.bin 


More information about the torqueusers mailing list