ID de Prueba:	1.3.6.1.4.1.25623.1.0.900375
Categoría:	Privilege escalation
Título:	Privilege Escalation Vulnerability in SLURM
Resumen:	SLURM (Simple Linux Utility for Resource Management); is prone to a privilege escalation vulnerability.
Descripción:	Summary: SLURM (Simple Linux Utility for Resource Management) is prone to a privilege escalation vulnerability. Vulnerability Insight: - Error within the sbcast implementation when establishing supplemental groups, which can be exploited to e.g. access files with the supplemental group privileges of the slurmd daemon. - Error in slurmctld daemon is not properly dropping supplemental groups when handling the 'strigger' command, which can be exploited to e.g. access files with the supplemental group privileges of the slurmctld daemon. Vulnerability Impact: This can be exploited by malicious SLURM local users to gain escalated privileges. Affected Software/OS: SLURM all versions of 1.2 and 1.3 prior to 1.3.15 on Linux (Debian) Solution: Upgrade to SLURM version 1.3.14 or later. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2084 BugTraq ID: 34638 http://www.securityfocus.com/bid/34638 Debian Security Information: DSA-1776 (Google Search) http://www.debian.org/security/2009/dsa-1776 http://secunia.com/advisories/34831 http://www.vupen.com/english/advisories/2009/1128 XForce ISS Database: slurm-sbcast-priv-escalation(50126) https://exchange.xforce.ibmcloud.com/vulnerabilities/50126 XForce ISS Database: slurm-slurmctld-privilege-escalation(50127) https://exchange.xforce.ibmcloud.com/vulnerabilities/50127
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.