Back to search
CVE-2014-3684
Published: Oct 30, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary processes via a crafted executable.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2015-8577
vendor-advisory
x_refsource_FEDORA
[oss-security] 20141003 Re: tm_adopt() vulnerability in TORQUE Resource Manager
mailing-list
x_refsource_MLIST
http://advisories.mageia.org/MGASA-2014-0408.html
x_refsource_CONFIRM
FEDORA-2015-8544
vendor-advisory
x_refsource_FEDORA
61960
third-party-advisory
x_refsource_SECUNIA
FEDORA-2015-8571
vendor-advisory
x_refsource_FEDORA
DSA-3058
vendor-advisory
x_refsource_DEBIAN
MDVSA-2015:124
vendor-advisory
x_refsource_MANDRIVA
[oss-security] 20141002 tm_adopt() vulnerability in TORQUE Resource Manager
mailing-list
x_refsource_MLIST
61350
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now