PT-2014-5451 · Adaptive Computing · Torque Resource Manager

Chad Vizino · Published 2014-10-09 · Updated 2016-12-31 · CVE-2014-3684

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

TORQUE Resource Manager versions 5.0.x, 4.5.x, 4.2.x, and earlier

Description

The issue concerns the tm_adopt function in the TORQUE Resource Manager, which fails to validate the ownership of the adopted session id. This allows remote authenticated users to kill arbitrary processes by executing a crafted executable.

Recommendations

For versions 5.0.x, 4.5.x, 4.2.x, and earlier, consider restricting access to the tm_adopt function until a patch is available. As a temporary workaround, limit the execution of crafted executables to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related identifiers

CVE-2014-3684
DLA-78-1
DSA-3058-1
MGASA-2014-0408

Affected products

Torque Resource Manager