PT-2003-1541 · Ibm · Lsf

Tomasz Grabowski · Published 2003-05-22 · Updated 2016-10-18 · CVE-2003-0337

CVSS v2.0: 4.6 Medium

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: LSF version 5.1
Description: The issue allows local users to execute arbitrary programs. This is achieved by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes.
Recommendations: For LSF version 5.1, restrict access to the LSF_ENVDIR and LSF_SERVERDIR environment variables to prevent modification by unauthorized users. As a temporary workaround, consider disabling the execution of the lim program by lsadmin until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
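
The following is an added example, not LSF code and not part of the original advisory: one way a launcher can refuse caller-controlled directories such as LSF_ENVDIR and LSF_SERVERDIR before reading a configuration file or starting a helper from them. It assumes the launcher runs with more privilege than its invoker; `TRUSTED_DIR`, `dir_is_trusted`, `running_privileged` and `choose_dir` are hypothetical names, and the path is a placeholder.

```c
/* Added example: not LSF source code. Names and paths are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Placeholder for the site's fixed, root-owned install path. */
const char *const TRUSTED_DIR = "/opt/example/etc";

/* Accept a directory only if it is absolute, exists, is owned by root,
 * and cannot be written by group or others. */
int dir_is_trusted(const char *path)
{
    struct stat st;

    if (path == NULL || path[0] != '/')
        return 0;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return 0;
    return 1;
}

/* True when the process holds ids its invoker does not (setuid/setgid). */
int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Pick the directory used to find lsf.conf or the helper binary.
 * env_dir is the caller-supplied value (LSF_ENVDIR / LSF_SERVERDIR). */
const char *choose_dir(const char *env_dir, int privileged)
{
    if (privileged)                 /* never honour caller-controlled paths */
        return TRUSTED_DIR;
    return dir_is_trusted(env_dir) ? env_dir : TRUSTED_DIR;
}

int main(void)
{
    int priv = running_privileged();

    printf("config dir: %s\n", choose_dir(getenv("LSF_ENVDIR"), priv));
    printf("helper dir: %s\n", choose_dir(getenv("LSF_SERVERDIR"), priv));
    return 0;
}
```

The check covers only the final directory; every parent directory on the path needs the same ownership and write restrictions for the result to hold.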

Related Identifiers: CVE-2003-0337

Affected Products: Lsf