Candidate: CVE-2013-4495
PublicDate: 2013-11-20 14:12:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4495
 http://lists.debian.org/debian-security-announce/2013/msg00208.html
Description:
 The send_the_mail function in server/svr_mail.c in Terascale Open-Source
 Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6
 allows remote attackers to execute arbitrary commands via shell
 metacharacters in the email (-M switch) to qsub.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Matt Ezell
Assigned-to:
CVSS: 

Patches_torque:
upstream_torque: released (2.4.8+dfsg-9squeeze3, 2.4.16+dfsg-1+deb7u2, 2.4.16+dfsg-1.3)
lucid_torque: ignored (reached end-of-life)
precise_torque: released (2.4.16+dfsg-1+deb7u4build0.12.04.1)
quantal_torque: ignored (reached end-of-life)
raring_torque: ignored (reached end-of-life)
saucy_torque: ignored (reached end-of-life)
trusty_torque: not-affected (2.4.16+dfsg-1.3ubuntu1)
trusty/esm_torque: not-affected (2.4.16+dfsg-1.3ubuntu1)
utopic_torque: not-affected (2.4.16+dfsg-1.3ubuntu1)
vivid_torque: not-affected (2.4.16+dfsg-1.3ubuntu1)
devel_torque: not-affected (2.4.16+dfsg-1.3ubuntu1)