Bugtraq mailing list archives
TORQUE Spool Job Race condition (torque <= 2.0.0p8)
From: Luís Miguel Silva <lms () ispgaya pt>
Date: Wed, 18 Oct 2006 23:45:16 +0100
Hello all,

Back in March I audited a software called TORQUE Resource Manager and found a critical race condition vulnerability which could be used by malicious users to escalate their privileges.

"TORQUE is an open source resource manager providing control over batch jobs and distributed compute nodes. It is a community effort based on the original *PBS project and, with more than 1,200 patches, has incorporated significant advances in the areas of scalability, fault tolerance, and feature extensions contributed by NCSA, OSC, USC, the U.S. Dept of Energy, Sandia, PNNL, U of Buffalo, TeraGrid, and many other leading edge HPC organizations. This version may be freely modified and redistributed subject to the constraints of the included license."

This paper was submitted to "Cluster Resources INC", a great grid software company which kindly supports the TORQUE Resource Manager (Open Source) software. They were very helpful and professional. A big hug to their GREAT team ;o)!!!

I am now sharing the paper with the community:
http://csirt.fe.up.pt/docs/TORQUE-audit.pdf

PS: sorry for the PDF but the report is 13 pages long...

Best regards,
+----------------------------------------
| Luís Miguel Ferreira da Silva
| Network Administrator @ISPGaya
| Instituto Superior Politécnico Gaya
| Rua António Rodrigues da Rocha, 291/341
| Sto. Ovídio 4400-025 V. N. de Gaia
| Tel: +351 223745730/3/5
| GSM: +351 912671471
+----------------------------------------

----------------------------------------------------------------
This email was sent via the ISPGaya webmail
Instituto Superior Politécnico Gaya
Attachment:
_bin
Description: PGP Public Key