PT-2017-7715 · Schedmd+3 · Slurm+3

Published: 2017-01-05 · Updated: 2024-06-15 · CVE-2016-10030

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Slurm versions 0.6.0 through 15.08.12
Slurm versions 16.x through 16.05.6
Slurm versions 17.x through 17.02.0-pre3

Description

The issue is related to the prolog error function in the slurmd/req.c file, which handles Prolog failures on compute nodes. This could allow a user to gain control of arbitrary files on the system if they can cause or anticipate a Prolog script failure. The exploitation depends on the user's ability to trigger or predict a non-zero return code from a Prolog script.

Recommendations

For each affected range (Slurm versions 0.6.0 through 15.08.12, 16.x through 16.05.6, and 17.x through 17.02.0-pre3), consider disabling the Prolog script, or modifying it so that it always returns 0 and uses scontrol to set the node as down.

Fix

Improper Access Control


Weakness Enumeration

Related identifiers

CVE-2016-10030
DLA-921-1
OPENSUSE-SU-2024:11389-1
SUSE-SU-2020:0434-1
SUSE-SU-2020:0443-1
SUSE-SU-2020:2607-1
SUSE-SU-2020_0434-1
SUSE-SU-2020_0443-1
SUSE-SU-2020_2607-1
SUSE-SU-2021:0773-1
SUSE-SU-2021_0773-1
USN-4781-1
USN-4781-2

Affected products

Linuxmint
Slurm
Suse
Ubuntu