PT-2017-3402 · Schedmd+3 · Slurm+3

Publicado

2017-11-01

Atualizado

2024-06-15

CVE-2017-15566

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SchedMD Slurm versions prior to 16.05.11 SchedMD Slurm versions 17.x prior to 17.02.9 SchedMD Slurm versions 17.11.x prior to 17.11.0rc2

Description The issue is related to insecure handling of the SPANK environment variable in Slurm. This can be exploited to escalate privileges to the root level when executing Prolog or Epilog scripts.

Recommendations For versions prior to 16.05.11, update to version 16.05.11 or later. For versions 17.x prior to 17.02.9, update to version 17.02.9 or later. For versions 17.11.x prior to 17.11.0rc2, update to version 17.11.0rc2 or later.

Correção

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-426

Identificadores relacionados

BDU:2018-00186

CVE-2017-15566

DSA-4023-1

OPENSUSE-SU-2024:11389-1

SUSE-SU-2017:3311-1

SUSE-SU-2017_3311-1

SUSE-SU-2020:0434-1

SUSE-SU-2020:0443-1

SUSE-SU-2020:2607-1

SUSE-SU-2021:0773-1

USN-4781-1

Produtos afetados

Linuxmint

Slurm

Suse

Ubuntu

PT-2017-3402 · Schedmd+3 · Slurm+3

CVE-2017-15566

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 100