DSA-4023-1 slurm-llnl -- slurm-llnlID: oval:org.secpod.oval:def:603159 | Date: (C)2021-01-06 (M)2023-04-19 |
Class: PATCH | Family: unix |
Ryan Day discovered that the Simple Linux Utility for Resource Management , a cluster resource management and job scheduling system, does not properly handle SPANK environment variables, allowing a user permitted to submit jobs to execute code as root during the Prolog or Epilog. All systems using a Prolog or Epilog script are vulnerable, regardless of whether SPANK plugins are in use.
Product: |
libslurmdb30 |
slurmctld |
libpmi2-0 |
libslurmdb-perl |
slurm-llnl |
slurmd |
libpmi0 |
slurm-wlm |
libslurm-dev |
libslurm30 |
slurm-client |
libslurmdb-dev |
sview |
libslurm-perl |
libpam-slurm |