SB2023020128 - Ubuntu update for slurm-llnl
Published: February 1, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2016-10030)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 ("success") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue.
2) Untrusted search path (CVE-ID: CVE-2017-15566)
The vulnerability allows a local authenticated user to execute arbitrary code.
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
3) Security restrictions bypass (CVE-ID: CVE-2018-10995)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to the application mishandles user names (aka user_name fields) and group ids (aka gid fields). A remote unauthenticated attacker can bypass security restrictions and conduct further attacks.
4) SQL injection (CVE-ID: CVE-2018-7033)
The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL commands in web application database.
Successful exploitation of the vulnerability may allow an attacker to gain administrative access to vulnerable web application.
5) Heap-based buffer overflow (CVE-ID: CVE-2019-6438)
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted data to the affected application, trigger heap overflow and perform denial of service attack.6) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2020-12693)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to a race condition during authentication process, if Message Aggregation is enabled. A remote non-authenticated attacker can send specially crafted request to the application, bypass authentication process and execute arbitrary code on the system.
7) Buffer overflow (CVE-ID: CVE-2020-27745)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the PMIx MPI plugin. A local user can run a specially crafted program to trigger buffer overflow in RPC implementation and execute arbitrary code on the system with elevated privileges.
8) Race condition (CVE-ID: CVE-2020-27746)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition in the xauth for X11 magic cookies when reading data on the /proc filesystem. A local user can exploit the race and gain unauthorized access to sensitive information.
9) Security restrictions bypass (CVE-ID: CVE-2021-31215)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper environment handling in Slurm. A remote user can run arbitrary commands as SlurmUser if the installation uses a PrologSlurmctld and/or EpilogSlurmctld script.
Remediation
Install update from vendor's website.