CVE-2009-2084

high

Description

Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50127

https://exchange.xforce.ibmcloud.com/vulnerabilities/50126

http://www.vupen.com/english/advisories/2009/1128

http://www.securityfocus.com/bid/34638

http://www.debian.org/security/2009/dsa-1776

http://sourceforge.net/project/shownotes.php?release_id=676055&group_id=157944

http://secunia.com/advisories/34831

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524980

Details

Source: Mitre, NVD

Published: 2009-06-16

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High