TORQUE (pbs_mom) Authentication Bypass

CVE-2013-4319

Type

  • TORQUE (pbs_mom) Authentication Bypass

Severity

  • High

Affected products

  • TORQUE (pbs_mom)

Affected Versions

  • All versions up to and including 4.2.5, 4.1.6, 2.5.13

Vendor

  • Adaptive Computing

Vendor Response

  • Adaptive have issued a patch to resolve this issue

Local/Remote

  • Remote

Vulnerability Class

  • Authentication Bypass

Authors

  • John Fitzpatrick

Date

  • 2013-09-18

CVE Reference

  • CVE-2013-4319

The pbs_mom component of TORQUE contains a flaw which allows non-privileged users to submit jobs directly to the pbs_mom daemon. These jobs can be executed as root.

Impact

A malicious user could exploit this vulnerability in order to remotely execute code as root.

Cause

The TORQUE authentication model revolves around the use of privileged ports. If a request is not made from a privileged port then it is assumed not to be trusted or authenticated. It was found that pbs_mom does not perform a check to ensure that connections are established from a privileged port. This allows non-privileged users to interact with pbs_mom.

Solution

At the time of writing this vulnerability affects all versions of TORQUE available for download from Adaptive Computing’s website. However, Adaptive Computing have provided a patch to mitigate this issue and the following instructions:

For 2.5.x versions of TORQUE

Download the patch file:

$ wget http://www.adaptivecomputing.com/torquepatch/fix_mom_priv_2.5.patch

Run the patch command in the root directory of the TORQUE source tree:

$ patch -p1 < fix_mom_priv_2.5.patch

Recompile TORQUE:

$ make

Install TORQUE:

$ sudo make install

Restart pbs_mom (pbs_server is not affected)

For 4.x versions of TORQUE:

Download the patch file:

$ wget http://www.adaptivecomputing.com/torquepatch/fix_mom_priv.patch

Run the patch command in the root directory of the TORQUE source tree:

$ patch -p1 < fix_mom_priv.patch

Recompile TORQUE:

$ make

Install TORQUE:

$ sudo make install

Restart pbs_mom (pbs_server is not affected)

Technical Description

TORQUE (Terascale Open-Source Resource and QUEue Manager) is a resource manager widely used in High Performance Computing (HPC) environments. TORQUE comprises two primary components, pbs_server and pbs_mom. Under normal operation users submit jobs to the pbs_server, which handles the offloading of jobs to compute nodes (or moms) which actually run the jobs. Compute nodes run the pbs_mom service.

The pbs_server distributes jobs to the moms via a TCP connection to port 15002 established from a privileged port, thus preventing a non-privileged user from replicating this communication. However, pbs_mom does not check to ensure that connections to it are established from a privileged port. As a result, non-privileged users are able to submit jobs directly to a mom from a non-privileged port for execution. As the message to the mom specifies the user under which the job should be executed, and because the non-privileged user is in full control of this message, it is possible to specify that a job run as root. This is the case even where execution of root-owned jobs is restricted (TORQUE default), as the check for a root-owned job happens at the pbs_server, which in this case has been circumvented.

This attack can be performed from any host in the environment running pbs_server, pbs_mom or which is defined in TORQUE’s acl_hosts and is able to communicate with a mom. This also means that this attack can be executed from within a job running on a compute node.

References

Adaptive Computing’s advisory on this issue can be found here

TORQUE is available for download from Adaptive Computing