Adaptive Computing · Torque Resource Manager · CVE-2014-3684
**Name of the Vulnerable Software and Affected Versions**
TORQUE Resource Manager versions 5.0.x, 4.5.x, 4.2.x, and earlier
**Description**
The issue concerns the `tm adopt` function in the TORQUE Resource Manager, which fails to validate the ownership of the adopted session id. This allows remote authenticated users to kill arbitrary processes by executing a crafted executable.
**Recommendations**
For versions 5.0.x, 4.5.x, 4.2.x, and earlier, consider restricting access to the `tm adopt` function until a patch is available.
As a temporary workaround, limit the execution of crafted executables to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.