CVE-2016-10030
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 ("success") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue.
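The second workaround in the description, sketched as a Prolog wrapper. This is an added example, not SchedMD's code: the `REAL_PROLOG` default path is a hypothetical placeholder, and the wrapper assumes slurmd exports `SLURMD_NODENAME` and `SLURM_JOB_ID` to the Prolog environment.

```shell
#!/bin/sh
# Added example: Prolog wrapper for the CVE-2016-10030 workaround.
# It always exits 0 and marks the node DOWN itself with scontrol, so slurmd
# never runs its own Prolog-failure handling.
# REAL_PROLOG's default is a hypothetical path; point it at the site Prolog.
REAL_PROLOG="${REAL_PROLOG:-/etc/slurm/prolog.real}"
SCONTROL="${SCONTROL:-scontrol}"

run_prolog_safely() {
    prolog="$1"
    rc=0
    # Capture the real Prolog's exit status without propagating it.
    "$prolog" || rc=$?
    if [ "$rc" -ne 0 ]; then
        # Assumption: slurmd sets SLURMD_NODENAME; fall back to the hostname.
        node="${SLURMD_NODENAME:-$(hostname -s)}"
        reason="prolog failed rc=$rc job=${SLURM_JOB_ID:-unknown}"
        # scontrol requires a Reason when a node is set DOWN.
        "$SCONTROL" update NodeName="$node" State=DOWN Reason="$reason" ||
            logger -t slurm-prolog "could not set $node DOWN: $reason" ||
            true
    fi
    # Report success to slurmd regardless of what the real Prolog returned.
    return 0
}

# Only act when invoked by slurmd as the Prolog (SLURM_JOB_ID is set then).
if [ -n "${SLURM_JOB_ID:-}" ]; then
    run_prolog_safely "$REAL_PROLOG"
    exit 0
fi
```

Upgrading to a fixed release remains the actual remedy; the wrapper only keeps an unpatched slurmd from reaching the failure path.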
CVSS Scores
SSVC
- Decision: -
Timeline
- 2016-12-22 CVE Reserved
- 2017-01-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (3)
URL | Tag | Date |
---|---|---|
http://www.securityfocus.com/bid/95299 | Vdb Entry | |
https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee | | 2017-01-11 |
https://www.schedmd.com/news.php?id=178 | | 2017-01-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Schedmd | Slurm | <= 15.08.12 | - | Affected |
Schedmd | Slurm | 16.05.0 | - | Affected |
Schedmd | Slurm | 16.05.0 | pre1 | Affected |
Schedmd | Slurm | 16.05.0 | pre2 | Affected |
Schedmd | Slurm | 16.05.0 | rc1 | Affected |
Schedmd | Slurm | 16.05.0 | rc2 | Affected |
Schedmd | Slurm | 16.05.1 | - | Affected |
Schedmd | Slurm | 16.05.2 | - | Affected |
Schedmd | Slurm | 16.05.3 | - | Affected |
Schedmd | Slurm | 16.05.4 | - | Affected |
Schedmd | Slurm | 16.05.5 | - | Affected |
Schedmd | Slurm | 16.05.6 | - | Affected |
Schedmd | Slurm | 17.02.0 | pre1 | Affected |
Schedmd | Slurm | 17.02.0 | pre2 | Affected |
Schedmd | Slurm | 17.02.0 | pre3 | Affected |