Vulnerability Description
The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary processes via a crafted executable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adaptivecomputing | Torque Resource Manager | 4.2.3 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2014-0408.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159183.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159201.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159259.html
- http://openwall.com/lists/oss-security/2014/10/02/44
- http://openwall.com/lists/oss-security/2014/10/02/45
- http://secunia.com/advisories/61350
- http://secunia.com/advisories/61960
- http://www.debian.org/security/2014/dsa-3058
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:124
FAQ
What is CVE-2014-3684?
CVE-2014-3684 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the proc...
How severe is CVE-2014-3684?
CVE-2014-3684 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-3684?
Check the references section above for vendor advisories and patch information. Affected products include: Adaptivecomputing Torque Resource Manager.