Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Lsf | Platform | 4.0 (including) | 4.0 (including) |
Lsf | Platform | 4.2 (including) | 4.2 (including) |
Lsf | Platform | 5.0 (including) | 5.0 (including) |
Lsf | Platform | 5.1 (including) | 5.1 (including) |
Lsf | Platform | 6.0 (including) | 6.0 (including) |