CVE-2011-2907

Name of the Vulnerable Software and Affected Versions Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) versions 3.0.1 and earlier

Description The issue allows remote attackers to bypass host-based authentication and submit arbitrary jobs. This is achieved by modifying the PBS O HOST variable and submitting it to the qsub program.

Recommendations For versions 3.0.1 and earlier, consider restricting access to the qsub program to prevent arbitrary job submissions until a fix is available. As a temporary workaround, monitor and limit modifications to the PBS O HOST variable to minimize the risk of exploitation.