John

John

  • Joined: 2021-12-18
  • Articles: 22

Torque 2.5.13 Buffer Overflow (CVE-2014-0749)

A buffer overflow exists in older versions of TORQUE which can be exploited in order to remotely execute code from an unauthenticated perspective. This issue is exploitable in all versions of the 2.5 branch, up to and including 2.5.13.

Cray Aprun/Apinit Privilege Escalation (CVE-2014-0748)

The apinit service does not safely validate messages supplied to it through the use of aprun. Users of Cray systems are able to exploit this weakness in order to execute commands on the compute nodes of a Cray supercomputer as arbitrary users, including root (UID 0).