Vulnerability CVE-2009-2084


Published: 2009-06-16   Modified: 2012-02-13

Description:
Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.

Type:

CWE-255 (Credentials Management)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
LLNL -> Slurm

References:
http://xforce.iss.net/xforce/xfdb/50127
http://xforce.iss.net/xforce/xfdb/50126
http://www.vupen.com/english/advisories/2009/1128
http://www.securityfocus.com/bid/34638
http://www.debian.org/security/2009/dsa-1776
http://sourceforge.net/project/shownotes.php?release_id=676055&group_id=157944
http://secunia.com/advisories/34831
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524980

Copyright 2024, cxsecurity.com

 
