Detections
Analytics

Fedora 15 : torque-3.0.1-4.fc15 (2011-8072)

high Nessus Plugin ID 55578

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

This update fixes a buffer overflow that could allow for remote arbitrary code execution by a torque service. Credit to Bartlomiej Balcerek - CVE-2011-2193.

Warning: Packages previous to torque-3.0.1-4.fc15 within Fedora 15 contained the empty file /var/lib/torque/server_priv/nodes . This file is a listing of the nodes within your torque cluster and as such it should survive intact with upgrades. This file has now been removed from the package with torque-3.0.1-4.fc15 but it is essential that you backup and restore this file before and then after installing torque-3.0.1-4.fc15.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected torque package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=711463

https://bugzilla.redhat.com/show_bug.cgi?id=713996

https://bugzilla.redhat.com/show_bug.cgi?id=716659

http://www.nessus.org/u?05f7ad3c

Plugin Details

Severity: High

ID: 55578

File Name: fedora_2011-8072.nasl

Version: 1.10

Type: local

Agent: unix

Published: 7/13/2011

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:torque, cpe:/o:fedoraproject:fedora:15

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/10/2011

Reference Information

CVE: CVE-2011-2193

BID: 48374

FEDORA: 2011-8072