CVE-2014-0749
published 2014-05-16


Priority: P2 · 68
Severity: critical, score 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 17.46% (96.7th percentile)
Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.

Affected

15 ranges

Vendor             Product                  Version range                         Fixed in
adaptivecomputing  torque_resource_manager  -                                     -
adaptivecomputing  torque_resource_manager  >= 0, < 2.4.16+dfsg-1.3ubuntu1.1     2.4.16+dfsg-1.3ubuntu1.1

Detection & IOCs (extracted from sources)

path: lib/Libdis/disrsi_.c
bytes: \xc0\x18\x76\xf7\xff\x7f\x00\x00
  • The overflow is triggered when a crafted request supplies a 'count' value larger than the small stack buffer (offset ~143 bytes) in disrsi_.c, causing memcpy() to overwrite the stack. Detect anomalously large count values in DIS protocol traffic on port 15001.
  • The exploit sends a packet with 140 null bytes of padding followed by an 8-byte return address overwrite. Look for TCP stream payloads to port 15001 containing long NUL-byte runs followed by non-null 8-byte sequences.
  • The vulnerability is exploitable from an unauthenticated remote perspective, so any unauthenticated connection to the TORQUE pbs_server/mom port (15001/tcp) sending oversized DIS count fields should be treated as suspicious.
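A payload check built from the three detection notes above, written here as an added example (it is not from the cited sources or from the TORQUE project): it flags a TCP payload to 15001/tcp that contains a long run of NUL bytes followed by an 8-byte non-null tail, the shape the notes describe. The 64-byte run threshold and both sample payloads are constructed assumptions; the 8-byte tail in the crafted sample is an ASCII placeholder, not a real address.

```python
from dataclasses import dataclass
from typing import Optional

TORQUE_PORT = 15001   # pbs_server / pbs_mom DIS port named in the detection notes
MIN_NUL_RUN = 64      # assumption: a NUL run this long never occurs in a legitimate
                      # DIS request, whose integer fields are short digit strings
TAIL_LEN = 8          # size of the return-address overwrite the notes describe


@dataclass
class Finding:
    offset: int     # where the NUL run starts in the payload
    nul_run: int    # length of the NUL run
    tail: bytes     # the TAIL_LEN bytes that follow it (first byte is non-NUL)


def find_nul_run_overwrite(payload: bytes,
                           min_run: int = MIN_NUL_RUN,
                           tail_len: int = TAIL_LEN) -> Optional[Finding]:
    """Return the first NUL run of at least min_run bytes that is followed by
    tail_len more bytes, or None. Because the scan stops at the first non-NUL
    byte, the returned tail is never all zeros."""
    i, n = 0, len(payload)
    while i < n:
        if payload[i] != 0:
            i += 1
            continue
        j = i
        while j < n and payload[j] == 0:
            j += 1
        run, tail = j - i, payload[j:j + tail_len]
        if run >= min_run and len(tail) == tail_len:
            return Finding(offset=i, nul_run=run, tail=tail)
        i = j
    return None


def inspect_payload(payload: bytes, dst_port: int) -> Optional[Finding]:
    """Apply the heuristic only to traffic destined for the TORQUE port."""
    if dst_port != TORQUE_PORT:
        return None
    return find_nul_run_overwrite(payload)


# Constructed samples: a short request-like blob, and the 140 NUL + 8 byte layout
# from the notes with a placeholder tail.
BENIGN_SAMPLE = b"+2+16small request ok"
CRAFTED_SAMPLE = b"\x00" * 140 + b"ABCDEFGH"

if __name__ == "__main__":
    print(inspect_payload(BENIGN_SAMPLE, TORQUE_PORT))    # None
    print(inspect_payload(CRAFTED_SAMPLE, TORQUE_PORT))   # Finding(offset=0, nul_run=140, ...)
```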

CVSS provenance

nvd: v2.0, 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
osv: 10.0 CRITICAL