Main Vulnerability Database SB2021031223

SB2021031223 - SUSE update for slurm_20_11 and pdsh

Published: March 12, 2021

Security Bulletin ID SB2021031223

Severity

High

Patch available

YES

Number of vulnerabilities 11

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2016-10030)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 ("success") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue.

2) Untrusted search path (CVE-ID: CVE-2017-15566)

The vulnerability allows a local authenticated user to execute arbitrary code.

Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.

3) Security restrictions bypass (CVE-ID: CVE-2018-10995)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the application mishandles user names (aka user_name fields) and group ids (aka gid fields). A remote unauthenticated attacker can bypass security restrictions and conduct further attacks.

4) SQL injection (CVE-ID: CVE-2018-7033)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL commands in web application database.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to vulnerable web application.

5) SQL injection (CVE-ID: CVE-2019-12838)

The vulnerability allows a remote authenticated user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data within the sacctmgr archive load functionality. A remote authenticated user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

6) Incorrect permission assignment for critical resource (CVE-ID: CVE-2019-19727)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to application sets insecure permissions to the slurmdbd.conf file. A local user can read the file and gain access to sensitive information.

7) Improper Privilege Management (CVE-ID: CVE-2019-19728)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to Slurm executes srun --uid with incorrect privileges. A local user can escalate privileges on the system.

8) Heap-based buffer overflow (CVE-ID: CVE-2019-6438)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can send specially crafted data to the affected application, trigger heap overflow and perform denial of service attack.

9) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2020-12693)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to a race condition during authentication process, if Message Aggregation is enabled. A remote non-authenticated attacker can send specially crafted request to the application, bypass authentication process and execute arbitrary code on the system.

10) Buffer overflow (CVE-ID: CVE-2020-27745)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the PMIx MPI plugin. A local user can run a specially crafted program to trigger buffer overflow in RPC implementation and execute arbitrary code on the system with elevated privileges.

11) Race condition (CVE-ID: CVE-2020-27746)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in the xauth for X11 magic cookies when reading data on the /proc filesystem. A local user can exploit the race and gain unauthorized access to sensitive information.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2021/suse-su-20210773-1/

Vulnerable Software

SUSE Linux Enterprise Module for HPC: 12
slurm_20_11-webdoc: before 20.11.4-3.5.1
slurm_20_11-torque-debuginfo: before 20.11.4-3.5.1
slurm_20_11-torque: before 20.11.4-3.5.1
slurm_20_11-sview-debuginfo: before 20.11.4-3.5.1
slurm_20_11-sview: before 20.11.4-3.5.1
slurm_20_11-sql-debuginfo: before 20.11.4-3.5.1
slurm_20_11-sql: before 20.11.4-3.5.1
slurm_20_11-slurmdbd-debuginfo: before 20.11.4-3.5.1
slurm_20_11-slurmdbd: before 20.11.4-3.5.1
slurm_20_11-plugins-debuginfo: before 20.11.4-3.5.1
slurm_20_11-plugins: before 20.11.4-3.5.1
slurm_20_11-pam_slurm-debuginfo: before 20.11.4-3.5.1
slurm_20_11-pam_slurm: before 20.11.4-3.5.1
slurm_20_11-node-debuginfo: before 20.11.4-3.5.1
slurm_20_11-node: before 20.11.4-3.5.1
slurm_20_11-munge-debuginfo: before 20.11.4-3.5.1
slurm_20_11-munge: before 20.11.4-3.5.1
slurm_20_11-lua-debuginfo: before 20.11.4-3.5.1
slurm_20_11-lua: before 20.11.4-3.5.1
slurm_20_11-doc: before 20.11.4-3.5.1
slurm_20_11-devel: before 20.11.4-3.5.1
slurm_20_11-debugsource: before 20.11.4-3.5.1
slurm_20_11-debuginfo: before 20.11.4-3.5.1
slurm_20_11-config-man: before 20.11.4-3.5.1
slurm_20_11-config: before 20.11.4-3.5.1
slurm_20_11-auth-none-debuginfo: before 20.11.4-3.5.1
slurm_20_11-auth-none: before 20.11.4-3.5.1
slurm_20_11: before 20.11.4-3.5.1
perl-slurm_20_11-debuginfo: before 20.11.4-3.5.1
perl-slurm_20_11: before 20.11.4-3.5.1
pdsh_slurm_20_11-debugsource: before 2.34-7.32.1
pdsh_slurm_20_02-debugsource: before 2.34-7.32.1
pdsh_slurm_18_08-debugsource: before 2.34-7.32.1
pdsh-slurm_20_11-debuginfo: before 2.34-7.32.1
pdsh-slurm_20_11: before 2.34-7.32.1
pdsh-slurm_20_02-debuginfo: before 2.34-7.32.1
pdsh-slurm_20_02: before 2.34-7.32.1
pdsh-slurm_18_08-debuginfo: before 2.34-7.32.1
pdsh-slurm_18_08: before 2.34-7.32.1
pdsh-slurm-debuginfo: before 2.34-7.32.1
pdsh-slurm: before 2.34-7.32.1
pdsh-netgroup-debuginfo: before 2.34-7.32.1
pdsh-netgroup: before 2.34-7.32.1
pdsh-machines-debuginfo: before 2.34-7.32.1
pdsh-machines: before 2.34-7.32.1
pdsh-genders-debuginfo: before 2.34-7.32.1
pdsh-genders: before 2.34-7.32.1
pdsh-dshgroup-debuginfo: before 2.34-7.32.1
pdsh-dshgroup: before 2.34-7.32.1
pdsh-debugsource: before 2.34-7.32.1
pdsh-debuginfo: before 2.34-7.32.1
pdsh: before 2.34-7.32.1
libslurm36-debuginfo: before 20.11.4-3.5.1
libslurm36: before 20.11.4-3.5.1
libpmi0_20_11-debuginfo: before 20.11.4-3.5.1
libpmi0_20_11: before 20.11.4-3.5.1
libnss_slurm2_20_11-debuginfo: before 20.11.4-3.5.1
libnss_slurm2_20_11: before 20.11.4-3.5.1

SB2021031223 - SUSE update for slurm_20_11 and pdsh

Breakdown by Severity

Description

Remediation

References

Please verify you're human