Test ID:	1.3.6.1.4.1.25623.1.0.900375
Category:	Privilege escalation
Title:	Privilege Escalation Vulnerability in SLURM
Summary:	SLURM (Simple Linux Utility for Resource Management); is prone to a privilege escalation vulnerability.
Description:	Summary: SLURM (Simple Linux Utility for Resource Management) is prone to a privilege escalation vulnerability. Vulnerability Insight: - Error within the sbcast implementation when establishing supplemental groups, which can be exploited to e.g. access files with the supplemental group privileges of the slurmd daemon. - Error in slurmctld daemon is not properly dropping supplemental groups when handling the 'strigger' command, which can be exploited to e.g. access files with the supplemental group privileges of the slurmctld daemon. Vulnerability Impact: This can be exploited by malicious SLURM local users to gain escalated privileges. Affected Software/OS: SLURM all versions of 1.2 and 1.3 prior to 1.3.15 on Linux (Debian) Solution: Upgrade to SLURM version 1.3.14 or later. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2084 BugTraq ID: 34638 http://www.securityfocus.com/bid/34638 Debian Security Information: DSA-1776 (Google Search) http://www.debian.org/security/2009/dsa-1776 http://secunia.com/advisories/34831 http://www.vupen.com/english/advisories/2009/1128 XForce ISS Database: slurm-sbcast-priv-escalation(50126) https://exchange.xforce.ibmcloud.com/vulnerabilities/50126 XForce ISS Database: slurm-slurmctld-privilege-escalation(50127) https://exchange.xforce.ibmcloud.com/vulnerabilities/50127
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.