CVE-2009-2084
First published: Tue Jun 16 2009(Updated: )
Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SchedMD Slurm | <=1.3.13 | |
| SchedMD Slurm | =1.2 | |
| SchedMD Slurm | =1.3 | |
| SchedMD Slurm | =1.3.1 | |
| SchedMD Slurm | =1.3.2 | |
| SchedMD Slurm | =1.3.3 | |
| SchedMD Slurm | =1.3.4 | |
| SchedMD Slurm | =1.3.5 | |
| SchedMD Slurm | =1.3.6 | |
| SchedMD Slurm | =1.3.7 | |
| SchedMD Slurm | =1.3.8 | |
| SchedMD Slurm | =1.3.9 | |
| SchedMD Slurm | =1.3.10 | |
| SchedMD Slurm | =1.3.11 | |
| SchedMD Slurm | =1.3.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sourceforge.net/project/shownotes.php?release_id=676055&group_id=157944
- http://secunia.com/advisories/34831
- http://www.debian.org/security/2009/dsa-1776
- http://www.securityfocus.com/bid/34638
- http://www.vupen.com/english/advisories/2009/1128
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524980
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50127
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50126
Frequently Asked Questions
What is the severity of CVE-2009-2084?
CVE-2009-2084 is considered to have a medium severity due to the potential for privilege escalation.
How do I fix CVE-2009-2084?
To fix CVE-2009-2084, upgrade SLURM to version 1.3.14 or later.
What versions of SLURM are affected by CVE-2009-2084?
CVE-2009-2084 affects SLURM versions 1.2, 1.3, and all versions up to 1.3.13.
What vulnerabilities does CVE-2009-2084 exploit?
CVE-2009-2084 exploits improper setting of supplementary groups in the sbcast and strigger operations.
Who can exploit CVE-2009-2084?
Local SLURM users could exploit CVE-2009-2084 to modify files and gain additional privileges.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/llnl
- canonical/schedmd slurm
- version/schedmd slurm/1.3.13
- version/schedmd slurm/1.2
- version/schedmd slurm/1.3
- version/schedmd slurm/1.3.1
- version/schedmd slurm/1.3.2
- version/schedmd slurm/1.3.3
- version/schedmd slurm/1.3.4
- version/schedmd slurm/1.3.5
- version/schedmd slurm/1.3.6
- version/schedmd slurm/1.3.7
- version/schedmd slurm/1.3.8
- version/schedmd slurm/1.3.9
- version/schedmd slurm/1.3.10
- version/schedmd slurm/1.3.11
- version/schedmd slurm/1.3.12