CVE-2010-3380

Name of the Vulnerable Software and Affected Versions SLURM versions prior to 2.1.14

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to the init.d/slurm and init.d/slurmdbd scripts placing the . (dot) directory in the LD LIBRARY PATH.

Recommendations For versions prior to 2.1.14, update to version 2.1.14 or later to resolve the issue. As a temporary workaround, consider restricting the LD LIBRARY PATH environment variable to prevent the loading of shared libraries from the current working directory.