Vulnerability Description
The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adaptivecomputing | Torque Resource Manager | <= 4.2.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/55535 (Vendor Advisory)
- http://secunia.com/advisories/55622 (Vendor Advisory)
- https://www.adaptivecomputing.com/wp-content/uploads/releasenotes/releaseNotes-4
- https://www.debian.org/security/2013/dsa-2796
FAQ
What is CVE-2013-4495?
CVE-2013-4495 is a vulnerability with a CVSS score of 10.0 (HIGH). The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via...
How severe is CVE-2013-4495?
CVE-2013-4495 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-4495?
Check the references section above for vendor advisories and patch information. Affected products include: Adaptivecomputing Torque Resource Manager.