PT-2014-3811 · Cray · Alpsauth+3

Published

2014-12-27

Updated

2014-12-30

CVE-2014-0748

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions apinit on Cray devices with CLE version 4.2 before 4.2.UP02 apinit on Cray devices with CLE version 5.x before 5.1.UP00

Description The issue concerns the apinit on Cray devices, where it does not properly validate the UID in a launch message using alpsauth data. This allows local users to potentially gain privileges by modifying the aprun program.

Recommendations For apinit on Cray devices with CLE version 4.2 before 4.2.UP02, update to version 4.2.UP02 or later. For apinit on Cray devices with CLE version 5.x before 5.1.UP00, update to version 5.1.UP00 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-0748

Affected Products

Cle

Alpsauth

Apinit

Aprun

PT-2014-3811 · Cray · Alpsauth+3

CVE-2014-0748

Weakness Enumeration

Related Identifiers

Affected Products

References · 2