  • Announcements

    • admin

      PBS Forum Has Closed   06/12/17

      The PBS Works Support Forum is no longer active.  For PBS community-oriented questions and support, please join the discussion at http://community.pbspro.org.  Any new security advisories related to commercially-licensed products will be posted in the PBS User Area (https://secure.altair.com/UserArea/). 

smgoosen

Moderators
  1. DESCRIPTION: Altair Engineering is releasing this advisory to customers running PBS Professional to alert them to a security vulnerability. This is a privilege escalation vulnerability that potentially affects all customers. An attacker who successfully exploits this vulnerability could gain administrator privilege (root access) on PBS server (aka headnode) hosts. The attacker would need to be an authenticated user authorized to submit jobs on the cluster.

     SEVERITY RATING: Critical

     RECOMMENDATION: Altair recommends that all customers running their PBS Professional server on a Linux and/or Unix based OS apply this update in a timely fashion.

     AFFECTED SOFTWARE: All currently released Linux and Unix versions of PBS Professional

     SCHEDULE OF AVAILABILITY OF UPDATE:
     PBS Professional patch is applicable to all affected releases 10.x and newer (attached to this bulletin)
     PBS Professional 12.2.0 (available Dec 2013)

     NOTE: Altair advises customers running any 10.x or prior release upgrade to at least v10.4.7.

     SECURITY UPDATE: The updates and packages are being made available to all customers running PBS Professional software. For customers with current maintenance and support contracts, the updates are available from the user login area of the PBS Professional website. For customers who do not have access to this area, please see below for instructions on getting the required update. Please refer to the release notes and installation instructions included in each package.

     INSTRUCTIONS TO OBTAIN UPDATE: For customers with active support, please go to: http://www.pbspro.com/UserArea/ log in with your site ID and password to obtain the desired packages. For customers without active support, please send an email to: pbssupport@altair.com Please include the version of PBS Professional you are running, the operating system you are using, and the hardware/platform you are running on. This will help us expedite your request.

     Please contact pbssupport@altair.com if you need additional information. Altair would like to thank Cray Inc for reporting this issue.

     13-01_verify_mail.tar.gz
  2. Altair has recently discovered a bug in the PBS Professional v12.0 implementation of MoM hooks. This issue affects all MoM hooks that are greater than 4Kb in size. The problem is that there is a 4Kb limit to the size of the script file that can be automatically copied out to the MoM nodes. Even though the hook script will be imported without error during hook creation, i.e. Qmgr: import hook application/x-python... does not fail, any script larger than 4Kb will not be copied to the MoMs intact. You will see an error message in the MoM log file when the hook is executed like:

     ...pbs_python;Svr;pbs_python;PBS server internal error (15011) in Failed to compile script, <type 'exceptions.SyntaxError'>

     The workaround to be able to use scripts >4Kb is to create the hook as normal via qmgr, including using qmgr to import the hook script, but then manually re-copy the hook script out to the MoM nodes, specifically into the $PBS_HOME/mom_priv/hooks directory. The hook scripts must be owned by root, have read/write/execute permissions for root (700) and be named <hook name>.PY on the MoM nodes in the mom_priv/hooks directory. The pbs_mom daemon does not need to be restarted after manually copying over the hook script.
  3. DESCRIPTION: Altair Engineering is releasing this advisory to customers running PBS Professional to alert them to a security vulnerability. This is a Denial of Service (DoS) vulnerability that potentially affects all customers. An attacker who successfully exploits this vulnerability could cause the PBS server daemon to exhibit a memory protection fault and crash. To the best of our knowledge, this PBS Professional vulnerability is not publicly known.

     SEVERITY RATING: Major

     RECOMMENDATION: Altair recommends that all customers apply this update in a timely fashion.

     AFFECTED SOFTWARE: All versions of PBS Professional except patched versions listed below.

     SCHEDULE OF AVAILABILITY OF UPDATE:
     PBS Professional 11.x Available now as v11.1.1
     PBS Professional 10.4.x Available now as v10.4.7

     NOTE: Altair advises customers running any 10.x or prior release upgrade to at least v10.4.7.

     SECURITY UPDATE: The updates and packages are being made available to all customers running PBS Professional software. For customers with current maintenance and support contracts, the updates are available from the user login area of the PBS Professional website. For customers who do not have access to this area, please see below for instructions on getting the required update. Please refer to the release notes and installation instructions included in each package.

     INSTRUCTIONS TO OBTAIN UPDATE: For customers with active support, please go to: http://www.pbspro.com/UserArea/ log in with your site ID and password to obtain the desired packages. For customers without active support, please send an email to: pbssupport@altair.com Please include the version of PBS Professional you are running, the operating system you are using, and the hardware/platform you are running on. This will help us expedite your request.

     Please contact pbssupport@altair.com if you need additional information.
  4. DESCRIPTION: Altair Engineering is releasing this advisory to customers running PBS Professional to alert them to a security vulnerability. This is a buffer overrun vulnerability that potentially affects all customers. An attacker who successfully exploits this vulnerability could gain administrator privilege (root access) on the PBS server (aka headnode) hosts. To the best of our knowledge, this PBS Professional vulnerability is not publicly known.

     SEVERITY RATING: Critical

     RECOMMENDATION: Altair recommends that all customers apply this update in a timely fashion.

     AFFECTED SOFTWARE: All versions of PBS Professional except patched versions listed below.

     SCHEDULE OF AVAILABILITY OF UPDATE:
     PBS Professional 11.x Available now as v11.1
     PBS Professional 10.4.x Available now as v10.4.6

     NOTE: Altair advises customers running any 10.x or prior release upgrade to at least v10.4.6.

     SECURITY UPDATE: The updates and packages are being made available to all customers running PBS Professional software. For customers with current maintenance and support contracts, the updates are available from the user login area of the PBS Professional website. For customers who do not have access to this area, please see below for instructions on getting the required update. Please refer to the release notes and installation instructions included in each package.

     INSTRUCTIONS TO OBTAIN UPDATE: For customers with active support, please go to: http://www.pbspro.com/UserArea/ log in with your site ID and password to obtain the desired packages. For customers without active support, please send an email to: pbssupport@altair.com Please include the version of PBS Professional you are running, the operating system you are using, and the hardware/platform you are running on. This will help us expedite your request.

     Please contact pbssupport@altair.com if you need additional information.
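
A check for the manual-copy workaround described in the MoM hooks post (item 2 above), as an added example that is not Altair's code: it verifies that a hook script copied into the mom_priv/hooks directory has the required name, owner and mode, and is byte-identical to the script that was imported. The function name audit_hook, its arguments, and the reading of "4Kb" as 4096 bytes are assumptions.

```sh
#!/bin/sh
# Added example (not Altair's code): audit a manually copied MoM hook script.
# Assumption: the "4Kb" automatic-copy limit is read as 4096 bytes.
LIMIT_BYTES=4096

# audit_hook HOOKS_DIR HOOK_NAME SOURCE_SCRIPT [OWNER]
# HOOKS_DIR is normally $PBS_HOME/mom_priv/hooks; OWNER defaults to root.
# Prints one line per finding. Returns 0 if the copy is compliant, 1 if not,
# 2 if the source script cannot be read.
audit_hook() {
    ah_dest="$1/$2.PY"; ah_src=$3; ah_owner=${4:-root}; ah_rc=0

    [ -r "$ah_src" ] || { echo "ERROR: cannot read source $ah_src"; return 2; }
    ah_size=$(( $(wc -c < "$ah_src") ))
    if [ "$ah_size" -gt "$LIMIT_BYTES" ]; then
        echo "NOTE: source is $ah_size bytes, over the $LIMIT_BYTES-byte limit; manual copy required"
    fi

    if [ ! -f "$ah_dest" ]; then
        echo "FAIL: $ah_dest not found (must be named <hook name>.PY)"
        return 1
    fi

    # ls -ld is POSIX: columns 1-10 are the mode string, field 3 is the owner.
    ah_ls=$(ls -ld -- "$ah_dest")
    ah_perms=$(printf '%s\n' "$ah_ls" | cut -c1-10)
    ah_fowner=$(printf '%s\n' "$ah_ls" | awk '{print $3}')

    if [ "$ah_fowner" != "$ah_owner" ]; then
        echo "FAIL: owner is $ah_fowner, expected $ah_owner"; ah_rc=1
    fi
    if [ "$ah_perms" != "-rwx------" ]; then
        echo "FAIL: mode is $ah_perms, expected -rwx------ (700)"; ah_rc=1
    fi
    # The post reports that oversized scripts do not arrive intact, so compare bytes.
    if ! cmp -s "$ah_src" "$ah_dest"; then
        echo "FAIL: $ah_dest differs from $ah_src (truncated or modified copy)"; ah_rc=1
    fi
    [ "$ah_rc" -eq 0 ] && echo "OK: $ah_dest"
    return "$ah_rc"
}
```

Run it on each MoM node as root after copying, for example `audit_hook "$PBS_HOME/mom_priv/hooks" myhook /path/to/myhook.py`, where the hook name and source path are placeholders.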