Jump to content
  • Announcements

    • admin

      PBS Forum Has Closed   06/12/17

      The PBS Works Support Forum is no longer active.  For PBS community-oriented questions and support, please join the discussion at http://community.pbspro.org.  Any new security advisories related to commercially-licensed products will be posted in the PBS User Area (https://secure.altair.com/UserArea/). 
Sign in to follow this  
Bill Nitzberg

SECURITY BULLETIN PBS11-01

Recommended Posts

DESCRIPTION:

Altair Engineering is releasing this advisory to customers running PBS Professional to alert them to a security vulnerability. This vulnerability affects customers whose network policies allow arbitrary systems to directly connect to the PBS Server. An attacker who successfully exploits this vulnerability could gain administrator privilege (root access) on PBS execution hosts. To the best of our knowledge, this vulnerability is not publicly known.

SEVERITY RATING: Critical

RECOMMENDATION:

Altair recommends that customers who allow arbitrary systems to have direct network access to the PBS Server system, apply this update in a timely fashion. Alternatively, using firewall software to lock down network access, allowing only authorized hosts to connect to the PBS Server system, will also prevent an attacker from exploiting this vulnerability.

AFFECTED SOFTWARE:

All versions of PBS Professional except patched versions listed below.

SCHEDULE OF AVAILABILITY OF UPDATE:

PBS Professional 11.0 Available now as 11.0.2

PBS Professional 10.4 Available now as 10.4.5

PBS Professional 10.2 Available now as 10.2.1

PBS Professional 10.1 Available now as 10.1.7

PBS Professional 10.0 Available now as 10.0.9

NOTE: Altair advises customers running any 10.x release who believe they may be vulnerable to this attack to upgrade to at least v10.4.5.

SECURITY UPDATE:

The updates and packages are being made available to all customers running PBS Professional software. For customers with current maintenance and support contracts, the updates are available from the user login area of the PBS Professional website. For customers who do not have access to this area, please see below for instructions on getting the required update. Please refer to the release notes and installation instructions included in each package.

INSTRUCTIONS TO OBTAIN UPDATE:

For customers with active support, please go to:
/>http://www.pbspro.com/UserArea/

log in with your site ID and password to obtain the desired packages.

For customers without active support, please send an email to:

pbssupport@altair.com

Please include the version of PBS Professional you are running,

the operating system you are using, and the hardware/platform you are running on.

This will help us expedite your request.

Please contact pbssupport@altair.com if you need additional information.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×