Vulnerability Description
Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| LLNL | Slurm | <= 1.3.13 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524980
- http://secunia.com/advisories/34831 (Vendor Advisory)
- http://sourceforge.net/project/shownotes.php?release_id=676055&group_id=157944
- http://www.debian.org/security/2009/dsa-1776 (Patch)
- http://www.securityfocus.com/bid/34638 (Patch)
- http://www.vupen.com/english/advisories/2009/1128 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50126
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50127
FAQ
What is CVE-2009-2084?
CVE-2009-2084 is a vulnerability with a CVSS score of 7.2 (HIGH). Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slu...
How severe is CVE-2009-2084?
CVE-2009-2084 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2084?
Check the references section above for vendor advisories and patch information. Affected products include: LLNL Slurm.