Credentials management in Slurm - CVE-2009-2084

 

Published: June 17, 2009 / Updated: January 29, 2021


Vulnerability identifier: #VU50146
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2009-2084
CWE-ID: CWE-255
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Slurm
Software vendor:
SchedMD

Description

The vulnerability allows a local user to escalate privileges on the system.

Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.
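The flaw class described above concerns a privileged daemon that launches a helper for a user without first replacing its own supplementary groups. The following C code is an added example, not Slurm's code: it shows the usual safe drop order (supplementary groups, then gid, then uid) with a post-drop check. The names `drop_to_user`, `first_leaked_group` and `MAX_GROUPS` are assumptions of this example.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 1024  /* assumed cap for this example */

/* Return the first gid in have[] missing from allowed[], or (gid_t)-1 if none. */
gid_t first_leaked_group(const gid_t *have, int n_have,
                         const gid_t *allowed, int n_allowed)
{
    for (int i = 0; i < n_have; i++) {
        int found = 0;
        for (int j = 0; j < n_allowed; j++)
            if (have[i] == allowed[j]) { found = 1; break; }
        if (!found)
            return have[i];
    }
    return (gid_t)-1;
}

/* Drop from root to `user` before exec'ing a helper. Returns 0 on success. */
int drop_to_user(const char *user)
{
    static gid_t have[MAX_GROUPS], allowed[MAX_GROUPS];
    int n_allowed = MAX_GROUPS;
    struct passwd *pw = getpwnam(user);

    if (!pw || pw->pw_uid == 0)
        return -1;
    /* 1. Replace the daemon's inherited supplementary groups (needs root). */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    /* 2. Then the primary group, 3. then the user id, in that order. */
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    /* 4. Verify: root must be unrecoverable and no extra group may remain. */
    if (setuid(0) == 0)
        return -1;
    int n_have = getgroups(MAX_GROUPS, have);
    if (n_have < 0 ||
        getgrouplist(pw->pw_name, pw->pw_gid, allowed, &n_allowed) < 0)
        return -1;
    return first_leaked_group(have, n_have, allowed, n_allowed) == (gid_t)-1 ? 0 : -1;
}
```

Calling `setuid()` before `initgroups()` fails the group change, because the process no longer has the privilege to alter its group list, which is why every return value is checked.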


Remediation

Install updates from vendor's website.
