CVE-2009-2084

Sažetak

Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524980
http://secunia.com/advisories/34831
http://sourceforge.net/project/shownotes.php?release_id=676055&group_id=157944
http://www.debian.org/security/2009/dsa-1776
http://www.securityfocus.com/bid/34638
http://www.vupen.com/english/advisories/2009/1128
https://exchange.xforce.ibmcloud.com/vulnerabilities/50126
https://exchange.xforce.ibmcloud.com/vulnerabilities/50127

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-08-2017 - 01:30

Objavljeno

16-06-2009 - 23:30