SB2009061701 - Privilege escalation in Slurm


Published: June 17, 2009
Updated: January 29, 2021

Security Bulletin ID: SB2009061701
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Credentials management (CVE-ID: CVE-2009-2084)

The vulnerability allows a local user to escalate privileges on the system.

Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.
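
The bug class described above, shown as an added example (this is not Slurm's code or its patch): a daemon running as root has to replace its supplementary group list before it switches to the job owner and launches a helper. The names `drop_to_user` and `leaked_groups` and the sample gid arrays are constructed for illustration.

```c
#define _DEFAULT_SOURCE          /* for initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample data: groups a root daemon holds vs. groups the
 * job owner is entitled to. Not taken from any real system. */
static const gid_t SAMPLE_HELD[]    = {0, 6, 1000};
static const gid_t SAMPLE_ALLOWED[] = {1000, 100};

/* Count groups in `held` that are absent from `allowed`. Any non-zero
 * result means the child would keep group access it should not have. */
int leaked_groups(const gid_t *held, int nheld,
                  const gid_t *allowed, int nallowed)
{
    int leaked = 0;
    for (int i = 0; i < nheld; i++) {
        int ok = 0;
        for (int j = 0; j < nallowed && !ok; j++)
            ok = (held[i] == allowed[j]);
        leaked += !ok;
    }
    return leaked;
}

/* Hypothetical helper: drop from root to the user in `pw` before exec.
 * Order matters: the group list can only be changed while still privileged. */
int drop_to_user(const struct passwd *pw)
{
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1; /* replace daemon's groups */
    if (setgid(pw->pw_gid) != 0) return -2;
    if (setuid(pw->pw_uid) != 0) return -3;
    if (pw->pw_uid != 0 && setuid(0) == 0) return -4;        /* drop must be irreversible */
    return 0;
}

int main(void)
{
    /* Skipping the initgroups() step leaves gids 0 and 6 in the child. */
    printf("leaked without initgroups: %d\n",
           leaked_groups(SAMPLE_HELD, 3, SAMPLE_ALLOWED, 2));
    printf("leaked after replacing list: %d\n",
           leaked_groups(SAMPLE_ALLOWED, 2, SAMPLE_ALLOWED, 2));
    return 0;
}
```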


Remediation

Install the update from the vendor's website.