First published: Sat Dec 27 2014(Updated: )
apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cray Cray Linux Environment | <=4.2 | |
Cray Cray Linux Environment | =5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-0748 is identified as critical due to its potential to allow local users to gain elevated privileges.
To mitigate CVE-2014-0748, update to Cray Linux Environment version 4.2.UP02 or later or version 5.1.UP00 or later.
CVE-2014-0748 affects local users on Cray devices running Cray Linux Environment versions prior to 4.2.UP02 or 5.1.UP00.
The impact of CVE-2014-0748 is that it allows local users to compromise system integrity through privilege escalation.
There are no known workarounds for CVE-2014-0748, so updating the software is the recommended solution.