resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jobs.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Cluster Resources
  • Torque Resource Manager

Configuration 1 [-]

cpe:2.3:a:cluster_resources:torque_resource_manager:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://csirt.fe.up.pt/docs/TORQUE-audit.pdf cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200611-14.xml cve-icon cve-icon
http://securityreason.com/securityalert/1820 cve-icon cve-icon
http://www.securityfocus.com/archive/1/449248/100/200/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/20632 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/4651 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-03T11:00:00

Updated: 2024-08-07T19:55:53.904Z

Reserved: 2006-11-02T00:00:00

Link: CVE-2006-5677

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-11-03T11:07:00.000

Modified: 2018-10-17T21:44:11.550

Link: CVE-2006-5677

cve-icon Redhat

No data.