Format string vulnerability in NQS daemon (nqsdaemon) in NQE 126.96.36.199 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.
SGI has acknowledged the vulnerability in the Network Queuing Environment package, and has stated it will not be providing a patch for the vulnerability. SGI has instead recommended uninstalling the vulnerable package.
UNICOS Network Queuing System (NQS) Local Format String
Local / Remote
Loss of Integrity
The UNICOS Network Queuing System (NQS), part of the Network Queuing Environment (NQE), contains a flaw that allows any local user to gain root privileges. The issue is due to a format string vulnerability in the NQS daemon, which incorrectly processes batch files with maliciously crafted names. When the name is passed to the NQS daemon via the "qsub" utility, the vulnerable function can be exploited to gain elevated privileges.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Uninstall the vulnerable package.