RCE in Adaptivecomputing Torque_resource_manager

CVE-2013-4495

The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.054 (90.3th percentile) — read the EPSS interpretation.

Affected products

Adaptivecomputing Torque_resource_manager — versions 2.0.0, 2.1.2, 2.1.3
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

55622 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
DSA-2796 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM)
55535 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)