PT-2017-3402 · Schedmd+3 · Slurm+3

Published

2017-11-01

Updated

2024-06-15

CVE-2017-15566

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SchedMD Slurm versions prior to 16.05.11 SchedMD Slurm versions 17.x prior to 17.02.9 SchedMD Slurm versions 17.11.x prior to 17.11.0rc2

Description The issue is related to insecure handling of the SPANK environment variable in Slurm. This can be exploited to escalate privileges to the root level when executing Prolog or Epilog scripts.

Recommendations For versions prior to 16.05.11, update to version 16.05.11 or later. For versions 17.x prior to 17.02.9, update to version 17.02.9 or later. For versions 17.11.x prior to 17.11.0rc2, update to version 17.11.0rc2 or later.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-426

Related Identifiers

BDU:2018-00186

CVE-2017-15566

DSA-4023-1

OPENSUSE-SU-2024:11389-1

SUSE-SU-2017:3311-1

SUSE-SU-2017_3311-1

SUSE-SU-2020:0434-1

SUSE-SU-2020:0443-1

SUSE-SU-2020:2607-1

SUSE-SU-2021:0773-1

USN-4781-1

Affected Products

Linuxmint

Slurm

Suse

Ubuntu

PT-2017-3402 · Schedmd+3 · Slurm+3

CVE-2017-15566

Weakness Enumeration

Related Identifiers

Affected Products

References · 100