CVE-2011-2907

TORQUE Resource Manager < 3.0.1 - Unauthenticated Job Submission via PBS_O_HOST Variable

Title source: llm
STIX 2.1

Description

Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program.

References (7)

Core 7
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=713090
Third Party Advisory x_refsource_misc
https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49119
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45524
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69138
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/08/11/1

Scores

EPSS 0.0288
EPSS Percentile 85.1%

Details

CWE
CWE-287
Status published
Products (46)
clusterresources/torque_resource_manager 2.1.0
clusterresources/torque_resource_manager 2.1.0p11
clusterresources/torque_resource_manager 2.1.1
clusterresources/torque_resource_manager 2.1.2
clusterresources/torque_resource_manager 2.1.3
clusterresources/torque_resource_manager 2.1.6
clusterresources/torque_resource_manager 2.1.7
clusterresources/torque_resource_manager 2.1.8
clusterresources/torque_resource_manager 2.1.9
clusterresources/torque_resource_manager 2.1.10
... and 36 more
Published Aug 15, 2011
Tracked Since Feb 18, 2026