Vulnerability Description
resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jobs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cluster Resources | Torque Resource Manager | <= 2.0.0p8 |
References
- http://csirt.fe.up.pt/docs/TORQUE-audit.pdf
- http://security.gentoo.org/glsa/glsa-200611-14.xml
- http://securityreason.com/securityalert/1820
- http://www.securityfocus.com/archive/1/449248/100/200/threaded
- http://www.securityfocus.com/bid/20632Patch
- http://www.vupen.com/english/advisories/2006/4651
- http://csirt.fe.up.pt/docs/TORQUE-audit.pdf
- http://security.gentoo.org/glsa/glsa-200611-14.xml
- http://securityreason.com/securityalert/1820
- http://www.securityfocus.com/archive/1/449248/100/200/threaded
- http://www.securityfocus.com/bid/20632Patch
- http://www.vupen.com/english/advisories/2006/4651
FAQ
What is CVE-2006-5677?
CVE-2006-5677 is a vulnerability with a CVSS score of 7.2 (HIGH). resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and pos...
How severe is CVE-2006-5677?
CVE-2006-5677 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5677?
Check the references section above for vendor advisories and patch information. Affected products include: Cluster Resources Torque Resource Manager.