Cluster Resources Torque Resource Manager PBS_MOM Insecure Temporary File Creation Vulnerability

Vulnerability ID: 1192977    Vulnerability type: Design error
Published: 2006-10-19    Updated: 2006-11-22
CVE ID: CVE-2006-5677    CNNVD-ID: CNNVD-200611-062
Platform: N/A    CVSS score: 7.2
|Vulnerability sources
https://www.securityfocus.com/bid/20632
https://cxsecurity.com/issue/WLB-2006110023
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-062
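|Vulnerability details
resmom/start_exec.c in pbs_mom in TORQUE Resource Manager contains an insecure temporary file creation vulnerability. Local users can create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jobs.
|Exploit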
Hello all,

Back in March I audited a software called TORQUE Resource Manager and found a
critical race condition vulnerability which could be used by malicious users to
escalate their privileges.

"TORQUE is an open source resource manager providing control over batch jobs and
distributed compute nodes. It is a community effort based on the original *PBS
project and, with more than 1,200 patches, has incorporated significant
advances in the areas of scalability, fault tolerance, and feature extensions
contributed by NCSA, OSC, USC, the U.S. Dept of Energy, Sandia, PNNL, U of
Buffalo, TeraGrid, and many other leading edge HPC organizations. This version
may be freely modified and redistributed subject to the constraints of the
included license."

This paper was submitted to "Cluster Resources INC", a great grid software
company which kindly supports the TORQUE Resource Manager (Open Source)
software. They were very helpful and professional. A big hug to their GREAT
team ;o)!!!

I am now sharing the paper with the community:
http://csirt.fe.up.pt/docs/TORQUE-audit.pdf

PS: sorry for the PDF but the report is 13 pages long...

Best regards,
+----------------------------------------
| Luís Miguel Ferreira da Silva
| Network Administrator @ISPGaya
| Instituto Superior Politécnico Gaya
| Rua António Rodrigues da Rocha, 291/341
| Sto. Ovídio - 4400-025 V. N. de Gaia
| Tel: +351 223745730/3/5
| GSM: +351 912671471
+----------------------------------------

|Affected products
Gentoo Linux Cluster Resources TORQUE Resource Manager 2.0 p8
|References

Source: BID
Name: 20632
Link: http://www.securityfocus.com/bid/20632
Source: BUGTRAQ
Name: 20061018 TORQUE Spool Job Race condition (torque <= 2.0.0p8)
Link: http://www.securityfocus.com/archive/1/archive/1/449248/100/200/threaded
Source: MISC
Link: http://csirt.fe.up.pt/docs/TORQUE-audit.pdf
Source: VUPEN
Name: ADV-2006-4651
Link: http://www.frsirt.com/english/advisories/2006/4651
Source: SREASON
Name: 1820
Link: http://securityreason.com/securityalert/1820
Source: GENTOO
Name: GLSA-200611-14
Link: http://security.gentoo.org/glsa/glsa-200611-14.xml