CVE-2014-3684

Publication date 30 October 2014

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary processes via a crafted executable.

From the Ubuntu Security Team

It was discovered that TORQUE Resource Manager does not validate that the owner of the process also owns the adopted session id. A remote authenticated attacker could possibly use this to kill arbitrary processes.

Status

Package Ubuntu Release Status
torque 18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety
Not affected
16.04 LTS xenial
Not affected
15.10 wily
Not affected
15.04 vivid
Not affected
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 2.4.16+dfsg-1.3ubuntu1.1
12.04 LTS precise
Fixed 2.4.16+dfsg-1+deb7u4build0.12.04.1
10.04 LTS lucid Ignored end of life