Joined: 12 May 2004
|Posted: Mon Nov 20, 2006 9:26 pm Post subject: [ GLSA 200611-14 ] TORQUE: Insecure temporary file creation
|Gentoo Linux Security Advisory
Title: TORQUE: Insecure temporary file creation (GLSA 200611-14)
Date: November 20, 2006
Updated: November 24, 2006
TORQUE creates temporary files in an insecure manner which could lead to
the execution of arbitrary code with elevated privileges.
TORQUE is a resource manager providing control over batch jobs and
distributed compute nodes.
Vulnerable: < 2.1.6
Unaffected: >= 2.1.6
Architectures: All supported architectures
TORQUE creates temporary files with predictable names. Please note that
the TORQUE package shipped in Gentoo Portage is not vulnerable in the
default configuration. Only systems with more permissive access rights
to the spool directory are vulnerable.
A local attacker could create links in the temporary file directory,
pointing to a valid file somewhere on the filesystem. This could lead
to the execution of arbitrary code with elevated privileges.
Ensure that untrusted users don't have write access to the spool
All TORQUE users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/torque-2.1.6"
Last edited by GLSA on Thu Mar 06, 2014 4:24 am; edited 3 times in total