Executive Summary

Name MDVSA-2013:268 First vendor Publication 2013-11-19
Vendor Mandriva Last vendor Modification 2013-11-19
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Updated torque packages fix security vulnerability:

A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server (CVE-2013-4495).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:268

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19859
Oval ID: oval:org.mitre.oval:def:19859
Title: DSA-2796-1 torque - arbitrary code execution
Description: Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system.
Family: unix Class: patch
Reference(s): DSA-2796-1
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): torque
Definition Synopsis:

CPE : Common Platform Enumeration

Application 77

Nessus® Vulnerability Scanner

Date Description
2014-12-29 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-47.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11989.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12059.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-10153.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2796.nasl - Type : ACT_GATHER_INFO
2013-11-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-268.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 11:44:07
  • Multiple Updates
2013-11-21 17:18:43
  • First insertion