Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.900375
Kategorie:Privilege escalation
Titel:Privilege Escalation Vulnerability in SLURM
Zusammenfassung:This host has SLURM (Simple Linux Utility for Resource Management); installed and is prone to Privilege Escalation vulnerability.
Beschreibung:Summary:
This host has SLURM (Simple Linux Utility for Resource Management)
installed and is prone to Privilege Escalation vulnerability.

Vulnerability Insight:
- Error within the sbcast implementation when establishing supplemental
groups, which can be exploited to e.g. access files with the supplemental
group privileges of the slurmd daemon.

- Error in slurmctld daemon is not properly dropping supplemental groups
when handling the 'strigger' command, which can be exploited to
e.g. access files with the supplemental group privileges of the
slurmctld daemon.

Vulnerability Impact:
This can be exploited by malicious SLURM local users to gain escalated
privileges.

Affected Software/OS:
SLURM all versions of 1.2 and 1.3 prior to 1.3.15 on Linux (Debian)

Solution:
Upgrade to SLURM version 1.3.14 or later.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 34638
Common Vulnerability Exposure (CVE) ID: CVE-2009-2084
http://www.securityfocus.com/bid/34638
Debian Security Information: DSA-1776 (Google Search)
http://www.debian.org/security/2009/dsa-1776
http://secunia.com/advisories/34831
http://www.vupen.com/english/advisories/2009/1128
XForce ISS Database: slurm-sbcast-priv-escalation(50126)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50126
XForce ISS Database: slurm-slurmctld-privilege-escalation(50127)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50127
CopyrightCopyright (C) 2009 SecPod

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.