CVE Vulnerabilities

CVE-2009-2084

Published: Jun 16, 2009 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.

Affected Software

Name Vendor Start Version End Version
Slurm Llnl 1.3.6 1.3.6
Slurm Llnl 1.3.7 1.3.7
Slurm Llnl * 1.3.13
Slurm Llnl 1.3.2 1.3.2
Slurm Llnl 1.3.5 1.3.5
Slurm Llnl 1.2 1.2
Slurm Llnl 1.3.12 1.3.12
Slurm Llnl 1.3.4 1.3.4
Slurm Llnl 1.3.8 1.3.8
Slurm Llnl 1.3.10 1.3.10
Slurm Llnl 1.3.1 1.3.1
Slurm Llnl 1.3.3 1.3.3
Slurm Llnl 1.3.11 1.3.11
Slurm Llnl 1.3 1.3
Slurm Llnl 1.3.9 1.3.9

References