CVE-2014-0749
Published 2014-05-16
Priority P2 · 68 · critical · CVSS 2.0 base score 10 · vector AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT · EPSS 17.46% (96.7th percentile)
Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.
Affected (15 ranges listed; only one carries version data in this record)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adaptivecomputing | torque_resource_manager | — | — |
| adaptivecomputing | torque_resource_manager | >= 0 < 2.4.16+dfsg-1.3ubuntu1.1 | 2.4.16+dfsg-1.3ubuntu1.1 |
Detection & IOCs (extracted from sources)
bytes: \xc0\x18\x76\xf7\xff\x7f\x00\x00
- The overflow is triggered when a crafted request supplies a 'count' value larger than the small stack buffer (offset ~143 bytes) in disrsi_.c, causing memcpy() to overwrite the stack. Detect anomalously large count values in DIS protocol traffic on port 15001.
- The exploit sends a packet with 140 null bytes of padding followed by an 8-byte return address overwrite. Look for TCP stream payloads to port 15001 containing long NUL-byte runs followed by non-null 8-byte sequences.
- The vulnerability is exploitable from an unauthenticated remote perspective, so any unauthenticated connection to the TORQUE pbs_server/mom port (15001/tcp) sending oversized DIS count fields should be treated as suspicious.
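The NUL-run heuristic from the second detection note above, implemented as an added example (this is not code from the page's sources or from the TORQUE project): it scans constructed TCP payloads bound for 15001/tcp for a long run of NUL bytes followed by eight non-NUL bytes and reports each hit with its offset and run length. The port comes from the notes above; the minimum run length of 64 bytes is an assumed, tunable floor (the note describes 140 bytes of padding), and all sample payloads are constructed, not captured traffic.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Port named in the detection notes (TORQUE pbs_server/pbs_mom DIS port).
TORQUE_DIS_PORT = 15001

# Minimum NUL-run length to report. The note describes 140 bytes of padding;
# 64 is an assumed, tunable floor so that shorter variants are not missed.
MIN_NUL_RUN = 64


class Hit(NamedTuple):
    offset: int    # where the NUL run starts in the payload
    nul_run: int   # number of consecutive NUL bytes
    tail: bytes    # the eight non-NUL bytes that follow the run


# Greedy NUL run followed by exactly eight non-NUL bytes. Backtracking cannot
# manufacture a false match: shortening the run would put a NUL byte in the
# position that [^\x00] must match, so the attempt fails.
_PATTERN = re.compile(rb"(\x00{%d,})([^\x00]{8})" % MIN_NUL_RUN)


def find_nul_run_hits(payload: bytes) -> List[Hit]:
    """Return every 'long NUL run + 8 non-NUL bytes' occurrence in a payload."""
    return [Hit(m.start(), len(m.group(1)), m.group(2))
            for m in _PATTERN.finditer(payload)]


def is_suspicious_stream(dst_port: int, payload: bytes) -> bool:
    """Apply the heuristic only to streams bound for the TORQUE DIS port."""
    return dst_port == TORQUE_DIS_PORT and bool(find_nul_run_hits(payload))


# Constructed sample streams (destination port, payload); none are real captures.
SAMPLES: Dict[str, Tuple[int, bytes]] = {
    # Short request-like text containing a couple of NULs: must not fire.
    "benign": (TORQUE_DIS_PORT, b"REQ batch-status\x00\x00queue=default"),
    # 140 NUL bytes followed by an 8-byte non-NUL tail: the shape the note describes.
    "padded": (TORQUE_DIS_PORT, b"REQ" + b"\x00" * 140 + b"ABCDEFGH" + b"\x00"),
    # Same shape, but to a port outside the heuristic's scope.
    "other_port": (8080, b"\x00" * 140 + b"ABCDEFGH"),
    # Long NUL run that is not followed by eight non-NUL bytes: must not fire.
    "nul_only": (TORQUE_DIS_PORT, b"\x00" * 200 + b"AB"),
}


def triage(samples: Dict[str, Tuple[int, bytes]] = SAMPLES) -> Dict[str, bool]:
    """Evaluate each sample stream and report which ones the heuristic flags."""
    return {name: is_suspicious_stream(port, data) for name, (port, data) in samples.items()}


if __name__ == "__main__":
    for name, flagged in triage().items():
        print(f"{name:10s} suspicious={flagged}")
    for hit in find_nul_run_hits(SAMPLES["padded"][1]):
        print(f"  offset={hit.offset} nul_run={hit.nul_run} tail={hit.tail!r}")
```

The port filter keeps the pattern from firing on unrelated binary protocols that legitimately carry zero padding; in practice the threshold and port list would be tuned to the monitored environment, and a hit is a triage signal to correlate with the DIS count check from the first note, not a verdict on its own.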
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
GHSA
GHSA-vpg2-8g7f-3vh6: Stack-based buffer overflow in lib/Libdis/disrsi_
ghsa_unreviewed · 2022-05-14 · severity HIGH · CWE-119
OSV
CVE-2014-0749: Stack-based buffer overflow in lib/Libdis/disrsi_
osv · 2014-05-16 · CVSS 10.0 · severity CRITICAL
No detection rules found.
Bugzilla
CVE-2014-0749 torque: buffer overflow exists in versions of TORQUE which can be exploited in order to remotely execute code from an unauthenticated perspective [epel-all]
bugzilla · 2014-05-16 · CVSS 10.0 · severity CRITICAL
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed
Bugzilla
CVE-2014-0749 torque: buffer overflow exists in versions of TORQUE which can be exploited in order to remotely execute code from an unauthenticated perspective
bugzilla · 2014-05-16 · CVSS 10.0 · severity CRITICAL
Upstream published [1] a vulnerability description, which allows a remote unauthenticated attacker to execute arbitrary commands with root privileges.
This issue is exploitable in all versions of the 2.5 branch, up to and including 2.5.13.
A patch is submitted to the 2.5-dev GitHub repository (which is still active) which resolves this issue.
It is strongly recommended that a version of 2.5-dev (later than pull request 171) is updated to.
The vulnerability exists because the file disrsi_.c fails to ensure that the length of count (which is read from the request packet) is less than dis_umaxd prior to being used in a later memcpy(). As
References
- http://osvdb.org/show/osvdb/107024
- http://packetstormsecurity.com/files/126651/Torque-2.5.13-Buffer-Overflow.html
- http://packetstormsecurity.com/files/126855/TORQUE-Resource-Manager-2.5.13-Buffer-Overflow.html
- http://www.debian.org/security/2014/dsa-2936
- http://www.exploit-db.com/exploits/33554
- http://www.securityfocus.com/archive/1/532110/100/0/threaded
- http://www.securityfocus.com/bid/67420
- https://github.com/adaptivecomputing/torque/commit/3ed749263abe3d69fa3626d142a5789dcb5a5684
- https://github.com/adaptivecomputing/torque/pull/171
- https://labs.mwrinfosecurity.com/advisories/2014/05/14/torque-buffer-overflow
- https://labs.mwrinfosecurity.com/system/assets/662/original/torque-buffer-overflow_2014-05-14.pdf