Credentials management in Slurm - CVE-2009-2084

 

Credentials management in Slurm - CVE-2009-2084

Published: June 17, 2009 / Updated: January 29, 2021


Vulnerability identifier: #VU50146
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2009-2084
CWE-ID: CWE-255
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: SchedMD
Affected software:
Slurm

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.


How to mitigate CVE-2009-2084

Install updates from vendor's website.

Sources