

Experiment Environment

Ubuntu 14.04 LTS

INSTALL & Configuration

tar -xvf torque-2.5.13.gz
cd torque-2.5.13

Problems in Installation & Configuration

How to trigger vulnerability


sudo ./src/server/pbs_server -D -t create




TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub

TORQUE CVE-2014-0749 Stack Buffer Overflow Vulnerability

Vulnerability Details & Patch

Root Cause

The vulnerability exists because disrsi_.c fails to ensure that count (which is read from the request packet) is less than dis_umaxd before it is used in a later memcpy(). As a result, a specially crafted request can smuggle through a count value which is later decremented and becomes the ct value in a memcpy() made from within tcp_gets():

memcpy((char *)str, tp->tdis_leadp, ct);

Because count is not validated, the sender controls the size of the memcpy() and, as a result, the amount of data read from the remainder of the packet. If this value is large, the memcpy() overwrites the stack, which can be leveraged to gain control over the execution of the program.
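The missing bound described above can be seen in a simplified model. This is an added example, not TORQUE source code: struct stream, stream_gets(), read_counted_digits(), SCRATCH_MAX (standing in for dis_umaxd) and the DIS_* status values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration, not TORQUE source. SCRATCH_MAX plays
 * the role the page gives to dis_umaxd; the DIS_* codes are hypothetical. */
#define SCRATCH_MAX 16
enum { DIS_OK, DIS_OVERFLOW, DIS_EOD, DIS_NONDIGIT };

struct stream {                 /* stand-in for the buffered TCP input */
    const unsigned char *leadp; /* next unread byte */
    size_t avail;               /* unread bytes remaining */
};

/* Models the copy made in tcp_gets(): ct bytes from the stream into str. */
static int stream_gets(struct stream *s, char *str, size_t ct) {
    if (ct > s->avail) return DIS_EOD;  /* never read past received data */
    memcpy(str, s->leadp, ct);
    s->leadp += ct;
    s->avail -= ct;
    return DIS_OK;
}

/* Reads `count` ASCII digits into a fixed stack buffer and converts them. */
int read_counted_digits(struct stream *s, size_t count, unsigned long long *out) {
    char scratch[SCRATCH_MAX];
    unsigned long long v = 0;
    /* The check whose absence is the root cause: bound the packet-supplied
     * count by the destination size before it reaches memcpy(). */
    if (count == 0 || count > SCRATCH_MAX) return DIS_OVERFLOW;
    int rc = stream_gets(s, scratch, count);
    if (rc != DIS_OK) return rc;
    for (size_t i = 0; i < count; i++) {
        if (scratch[i] < '0' || scratch[i] > '9') return DIS_NONDIGIT;
        v = v * 10 + (unsigned long long)(scratch[i] - '0');
    }
    *out = v;
    return DIS_OK;
}

int main(void) {
    unsigned char big[64];      /* constructed input: 64 digit bytes */
    unsigned long long v = 0;
    memset(big, '7', sizeof big);
    struct stream s = { big, sizeof big };
    int rejected = read_counted_digits(&s, 40, &v);  /* oversized count */
    int accepted = read_counted_digits(&s, 3, &v);   /* in-bounds count */
    printf("count=40 -> %d, count=3 -> %d (v=%llu)\n", rejected, accepted, v);
    return 0;
}
```

The oversized count is rejected before any bytes are consumed, so the stream position is unchanged and the caller can drop the request cleanly.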

Stack Trace


