CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%
The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Vendor | Product | Version | CPE |
---|---|---|---|
llnl | slurm | * | cpe:2.3:a:llnl:slurm:*:*:*:*:*:*:*:* |
llnl | slurm | 1.3.10 | cpe:2.3:a:llnl:slurm:1.3.10:*:*:*:*:*:*:* |
llnl | slurm | 1.3.11 | cpe:2.3:a:llnl:slurm:1.3.11:*:*:*:*:*:*:* |
llnl | slurm | 1.3.12 | cpe:2.3:a:llnl:slurm:1.3.12:*:*:*:*:*:*:* |
llnl | slurm | 1.3.13 | cpe:2.3:a:llnl:slurm:1.3.13:*:*:*:*:*:*:* |
llnl | slurm | 1.3.14 | cpe:2.3:a:llnl:slurm:1.3.14:*:*:*:*:*:*:* |
llnl | slurm | 1.3.15 | cpe:2.3:a:llnl:slurm:1.3.15:*:*:*:*:*:*:* |
llnl | slurm | 2.0.0 | cpe:2.3:a:llnl:slurm:2.0.0:*:*:*:*:*:*:* |
llnl | slurm | 2.0.1 | cpe:2.3:a:llnl:slurm:2.0.1:*:*:*:*:*:*:* |
llnl | slurm | 2.0.2 | cpe:2.3:a:llnl:slurm:2.0.2:*:*:*:*:*:*:* |