Vulnerability Description
Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Platform | Lsf | 4.0 |
References
- http://marc.info/?l=bugtraq&m=107756600403557&w=2
- http://www.securityfocus.com/bid/9724ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15278
- http://marc.info/?l=bugtraq&m=107756600403557&w=2
- http://www.securityfocus.com/bid/9724ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15278
FAQ
What is CVE-2004-0318?
CVE-2004-0318 is a vulnerability with a CVSS score of 10.0 (HIGH). Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluste...
How severe is CVE-2004-0318?
CVE-2004-0318 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0318?
Check the references section above for vendor advisories and patch information. Affected products include: Platform Lsf.