Detections
Analytics

Ubuntu 20.04 ESM / 22.04 ESM : Slurm vulnerabilities (USN-6458-1)

critical Nessus Plugin ID 184019

Language:

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6458-1 advisory.

 - SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
 (CVE-2022-29500)

 - SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. (CVE-2022-29501)

 - SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
 (CVE-2022-29502)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-6458-1

Plugin Details

Severity: Critical

ID: 184019

File Name: ubuntu_USN-6458-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 10/30/2023

Updated: 10/30/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-29501

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2022-29502

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:20.04:-:esm, cpe:/o:canonical:ubuntu_linux:22.04:-:esm, p-cpe:/a:canonical:ubuntu_linux:libpam-slurm, p-cpe:/a:canonical:ubuntu_linux:libpam-slurm-adopt, p-cpe:/a:canonical:ubuntu_linux:libpmi0, p-cpe:/a:canonical:ubuntu_linux:libpmi0-dev, p-cpe:/a:canonical:ubuntu_linux:libpmi2-0, p-cpe:/a:canonical:ubuntu_linux:libpmi2-0-dev, p-cpe:/a:canonical:ubuntu_linux:libslurm-dev, p-cpe:/a:canonical:ubuntu_linux:libslurm-perl, p-cpe:/a:canonical:ubuntu_linux:libslurm34, p-cpe:/a:canonical:ubuntu_linux:libslurm37, p-cpe:/a:canonical:ubuntu_linux:libslurmdb-perl, p-cpe:/a:canonical:ubuntu_linux:slurm-client, p-cpe:/a:canonical:ubuntu_linux:slurm-client-emulator, p-cpe:/a:canonical:ubuntu_linux:slurm-wlm, p-cpe:/a:canonical:ubuntu_linux:slurm-wlm-basic-plugins, p-cpe:/a:canonical:ubuntu_linux:slurm-wlm-basic-plugins-dev, p-cpe:/a:canonical:ubuntu_linux:slurm-wlm-emulator, p-cpe:/a:canonical:ubuntu_linux:slurm-wlm-torque, p-cpe:/a:canonical:ubuntu_linux:slurmctld, p-cpe:/a:canonical:ubuntu_linux:slurmd, p-cpe:/a:canonical:ubuntu_linux:slurmdbd, p-cpe:/a:canonical:ubuntu_linux:slurmrestd, p-cpe:/a:canonical:ubuntu_linux:sview

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 10/30/2023

Vulnerability Publication Date: 5/5/2022

Reference Information

CVE: CVE-2022-29500, CVE-2022-29501, CVE-2022-29502

USN: 6458-1