PT-2017-7715 · Schedmd+3 · Slurm+3

Published 2017-01-05 · Updated 2024-06-15 · CVE-2016-10030

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Slurm versions 0.6.0 through 15.08.12
Slurm versions 16.x through 16.05.6
Slurm versions 17.x through 17.02.0-pre3

Description

The issue is related to the prolog error function in the slurmd/req.c file, which handles Prolog failures on compute nodes. This could allow a user to gain control of arbitrary files on the system if they can cause or anticipate a Prolog script failure. The exploitation depends on the user's ability to trigger or predict a non-zero return code from a Prolog script.

Recommendations

For all affected versions (0.6.0 through 15.08.12, 16.x through 16.05.6, and 17.x through 17.02.0-pre3), consider disabling the Prolog script, or modifying it to always return 0 and using scontrol to set the node as down.
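
One way to apply the "always return 0 and use scontrol" recommendation, as an added example that is not code from SchedMD or from this advisory: a Prolog wrapper that runs the site's existing checks, marks the node down itself on failure, and never hands slurmd a non-zero return code. The path `/etc/slurm/prolog.real`, the `REAL_PROLOG` and `SCONTROL` overrides, and the function names are assumptions.

```shell
#!/bin/sh
# Prolog wrapper (added example; paths and names below are assumptions).
# Goal: slurmd never sees a non-zero Prolog exit code, so its own
# Prolog-failure handling is not triggered. On failure the wrapper
# takes the node out of service itself with scontrol.

REAL_PROLOG="${REAL_PROLOG:-/etc/slurm/prolog.real}"  # hypothetical: the site's original Prolog
SCONTROL="${SCONTROL:-scontrol}"                      # overridable so the wrapper can be tested

# Mark this node DOWN with a reason that records the failing job and code.
mark_node_down() {
    node="${SLURMD_NODENAME:-$(hostname -s)}"
    "$SCONTROL" update NodeName="$node" State=DOWN \
        Reason="prolog failed rc=$1 job=${SLURM_JOB_ID:-unknown}"
}

# Run the real Prolog; on failure down the node, then report success anyway.
# A missing or non-executable REAL_PROLOG also counts as a failure (fail safe).
safe_prolog() {
    rc=0
    "$REAL_PROLOG" || rc=$?
    if [ "$rc" -ne 0 ]; then
        # If scontrol itself fails, log it; still never return non-zero.
        mark_node_down "$rc" ||
            logger -t prolog-wrapper "scontrol failed, prolog rc=$rc" || true
    fi
    return 0
}

# slurmd sets SLURM_JOB_ID for the Prolog; only then act as the entry point,
# which lets the functions above be sourced and tested outside Slurm.
if [ -n "${SLURM_JOB_ID:-}" ]; then
    safe_prolog
    exit 0
fi
```
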

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2016-10030
DLA-921-1
OPENSUSE-SU-2024:11389-1
SUSE-SU-2020:0434-1
SUSE-SU-2020:0443-1
SUSE-SU-2020:2607-1
SUSE-SU-2020_0434-1
SUSE-SU-2020_0443-1
SUSE-SU-2020_2607-1
SUSE-SU-2021:0773-1
SUSE-SU-2021_0773-1
USN-4781-1
USN-4781-2

Affected Products

Linuxmint
Slurm
Suse
Ubuntu