Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.900375
Categoría:Privilege escalation
Título:Privilege Escalation Vulnerability in SLURM
Resumen:This host has SLURM (Simple Linux Utility for Resource Management); installed and is prone to Privilege Escalation vulnerability.
Descripción:Summary:
This host has SLURM (Simple Linux Utility for Resource Management)
installed and is prone to Privilege Escalation vulnerability.

Vulnerability Insight:
- Error within the sbcast implementation when establishing supplemental
groups, which can be exploited to e.g. access files with the supplemental
group privileges of the slurmd daemon.

- Error in slurmctld daemon is not properly dropping supplemental groups
when handling the 'strigger' command, which can be exploited to
e.g. access files with the supplemental group privileges of the
slurmctld daemon.

Vulnerability Impact:
This can be exploited by malicious SLURM local users to gain escalated
privileges.

Affected Software/OS:
SLURM all versions of 1.2 and 1.3 prior to 1.3.15 on Linux (Debian)

Solution:
Upgrade to SLURM version 1.3.14 or later.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 34638
Common Vulnerability Exposure (CVE) ID: CVE-2009-2084
http://www.securityfocus.com/bid/34638
Debian Security Information: DSA-1776 (Google Search)
http://www.debian.org/security/2009/dsa-1776
http://secunia.com/advisories/34831
http://www.vupen.com/english/advisories/2009/1128
XForce ISS Database: slurm-sbcast-priv-escalation(50126)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50126
XForce ISS Database: slurm-slurmctld-privilege-escalation(50127)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50127
CopyrightCopyright (C) 2009 SecPod

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.