TORQUE Spool Job Race condition (torque <= 2.0.0p8)

2006.11.07
Credit: Lus Miguel Ferreira da Silva
Risk: High
Local: Yes
Remote: No
CVE: CVE-2006-5677
CWE: CWE-Other


CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Hello all, Back in March i audited a software called TORQUE Resource Manager and found a critical race condition vulnerability which could be used by malicious users to escalate their privileges. "TORQUE is an open source resource manager providing control over batch jobs and distributed compute nodes. It is a community effort based on the original *PBS project and, with more than 1,200 patches, has incorporated significant advances in the areas of scalability, fault tolerance, and feature extensions contributed by NCSA, OSC, USC , the U.S. Dept of Energy, Sandia, PNNL, U of Buffalo, TeraGrid, and many other leading edge HPC organizations. This version may be freely modified and redistributed subject to the constraints of the included license." This paper was submitted to "Cluster Resources INC", a great grid software company which kindly supports the TORQUE Resource Manager (Open Source) software. They where very helpfull and profissional. A big hug to their GREAT team ;o)!!! Iam now sharing the paper with the community: http://csirt.fe.up.pt/docs/TORQUE-audit.pdf PS: sorry for the PDF but the report is 13 pages long... Best regards, +---------------------------------------- | Lus Miguel Ferreira da Silva | Network Administrator @ISPGaya | Instituto Superior Politcnico Gaya | Rua Antnio Rodrigues da Rocha, 291/341 | Sto. Ovdio ? 4400-025 V. N. de Gaia | Tel: +351 223745730/3/5 | GSM: +351 912671471 +---------------------------------------- ---------------------------------------------------------------- Este email foi enviado via o webmail do ISPGaya Instituto Superior Politcnico Gaya -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.2 (GNU/Linux) mQGiBEIbV7ARBACvJuXZEr4R4lN5xBW25YF1+ANIOg073Axak+3cYKSAvKeB3R7V DB6CBHyGFdkz12UkOnsscFNl/Xhq88zN3HY+nauXOE+FhPR8U6mCfjcYzKZI6Ds7 IY0dSKss+y+lF2cF+X7Pk3/ZctVuf6U+9XkE8WgH81uHyABMJk2g6l9ukwCgpQ8K aT1z8ss6/6crViYhARYJ95UD/RvIb3cvGv1CKQLifOzuVYgIW3cJ8IKXAaj0jej1 IwgfBWQylqER1bpp6tkXKKe7a8uSXc6FnsrjeIVZ7CE+jzjjk26JOyOBeMs/PTke FE8lUE762Bpq2W/COOvd0hhMbSezPso62hY0F9IyTzfQEG2qp+AwybVU/3JVeD2b 0BWIA/0UnP14KZk1CUu1WQAK6oXQXu6YA/2KHSx7/oKinoe3IlxvnMmhmvKys+9Q rCHhKdrs+oOL5DYMDmp8U+BJqsQJTCXSy/CGoqkir9wqC4F1mJ+26GI7v4qh7kcP KDr/T6QiIke10zj/QrfwouNVfEGiKN853lZ0tT6EvgzoEjelKrQiTHXtcyBNaWd1 ZWwgU2lsdmEgPGxtc0Bpc3BnYXlhLnB0PohbBBMRAgAbBQJCG1ewBgsJCAcDAgMV AgMDFgIBAh4BAheAAAoJENXZ+CTczFd8zz0An3U23TsDq1WxOdr9Dg2xNN/Clx+o AJ4+aDugmROM19RAwZmBu8F3Fy08OrkCDQRCG1e3EAgAjpHHgRg+5qiC6e9eAktV u7pRfFZhwJyqMDKigkJAIN5iDmB49CfFEJVqlAUeHduNgy6kgaI2BlDXxDs0tnG7 CWjjYc+/mwmO3aAMDWp0ca5PUEnQfKZunfekPLLHc26/Lo9RfMfCcodHpVfVuWMt Bie4GCwiN/Aq4/fiQJ7my1uF1PEZllxi8FpH5+6OidlSY0Vg2T7KAkqmMgNrF2o0 Av5VL23QB+70Ff91FnlcgJQXNPhhG4fGLUiRgBiKjhARTzf5L1GeLtyh/sfw73nm iKXpbHUkGhX9UhbApzREGmpfh+MZBW8W6YFqys2zoo5ejePGyeIubiHw3sgAiAPd LwADBQf/RnDjS6oTX8seTr82XgPK5K9ipWtsqi/ysVSPanoDL3c1TbR7KKPLY2fj lbuOJ6k+WWibD4B5PmMLM00Kpo9xFYcAJTGeIDCykXap7MPDpQPflIxMpYbZXZ3G GmdBBerihPz8f4iYqWcl/YXsxs8Z5GMxYhOMIU6P/9dGhEBUJb98lPAeJPrnlWby 5P4VrkSC/4PpK93KEjvSSdYxTQOmaJpmMkwNcjDTT+eNftJ/d8JNXHmGw5p1WHBv 2xNKWSQtyrT3GTXLM9AmbhbZtIUegguiaasgxVW+WZsBS0vDU8+GI0Wk96ih10q2 C7DRrmQCjSTPqZhv+qL8EQeUMqoYBIhGBBgRAgAGBQJCG1e3AAoJENXZ+CTczFd8 ySoAn2g7VU0x03UveIfGP6P340EMmoI0AJ9w4I62OY41Y5rHwoDZOgifGniEyw== =DqCm -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.2 (GNU/Linux) mQGiBEIbV7ARBACvJuXZEr4R4lN5xBW25YF1+ANIOg073Axak+3cYKSAvKeB3R7V DB6CBHyGFdkz12UkOnsscFNl/Xhq88zN3HY+nauXOE+FhPR8U6mCfjcYzKZI6Ds7 IY0dSKss+y+lF2cF+X7Pk3/ZctVuf6U+9XkE8WgH81uHyABMJk2g6l9ukwCgpQ8K aT1z8ss6/6crViYhARYJ95UD/RvIb3cvGv1CKQLifOzuVYgIW3cJ8IKXAaj0jej1 IwgfBWQylqER1bpp6tkXKKe7a8uSXc6FnsrjeIVZ7CE+jzjjk26JOyOBeMs/PTke FE8lUE762Bpq2W/COOvd0hhMbSezPso62hY0F9IyTzfQEG2qp+AwybVU/3JVeD2b 0BWIA/0UnP14KZk1CUu1WQAK6oXQXu6YA/2KHSx7/oKinoe3IlxvnMmhmvKys+9Q rCHhKdrs+oOL5DYMDmp8U+BJqsQJTCXSy/CGoqkir9wqC4F1mJ+26GI7v4qh7kcP KDr/T6QiIke10zj/QrfwouNVfEGiKN853lZ0tT6EvgzoEjelKrQiTHXtcyBNaWd1 ZWwgU2lsdmEgPGxtc0Bpc3BnYXlhLnB0PohbBBMRAgAbBQJCG1ewBgsJCAcDAgMV AgMDFgIBAh4BAheAAAoJENXZ+CTczFd8zz0An3U23TsDq1WxOdr9Dg2xNN/Clx+o AJ4+aDugmROM19RAwZmBu8F3Fy08OrkCDQRCG1e3EAgAjpHHgRg+5qiC6e9eAktV u7pRfFZhwJyqMDKigkJAIN5iDmB49CfFEJVqlAUeHduNgy6kgaI2BlDXxDs0tnG7 CWjjYc+/mwmO3aAMDWp0ca5PUEnQfKZunfekPLLHc26/Lo9RfMfCcodHpVfVuWMt Bie4GCwiN/Aq4/fiQJ7my1uF1PEZllxi8FpH5+6OidlSY0Vg2T7KAkqmMgNrF2o0 Av5VL23QB+70Ff91FnlcgJQXNPhhG4fGLUiRgBiKjhARTzf5L1GeLtyh/sfw73nm iKXpbHUkGhX9UhbApzREGmpfh+MZBW8W6YFqys2zoo5ejePGyeIubiHw3sgAiAPd LwADBQf/RnDjS6oTX8seTr82XgPK5K9ipWtsqi/ysVSPanoDL3c1TbR7KKPLY2fj lbuOJ6k+WWibD4B5PmMLM00Kpo9xFYcAJTGeIDCykXap7MPDpQPflIxMpYbZXZ3G GmdBBerihPz8f4iYqWcl/YXsxs8Z5GMxYhOMIU6P/9dGhEBUJb98lPAeJPrnlWby 5P4VrkSC/4PpK93KEjvSSdYxTQOmaJpmMkwNcjDTT+eNftJ/d8JNXHmGw5p1WHBv 2xNKWSQtyrT3GTXLM9AmbhbZtIUegguiaasgxVW+WZsBS0vDU8+GI0Wk96ih10q2 C7DRrmQCjSTPqZhv+qL8EQeUMqoYBIhGBBgRAgAGBQJCG1e3AAoJENXZ+CTczFd8 ySoAn2g7VU0x03UveIfGP6P340EMmoI0AJ9w4I62OY41Y5rHwoDZOgifGniEyw== =DqCm -----END PGP PUBLIC KEY BLOCK-----


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top