CVE-2017-15566
Published: 1 November 2017
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
Notes
| Author | Note |
|---|---|
| msalvatore | "This issue affects all Slurm versions from 15.08.0" |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
slurm-llnl Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Not vulnerable
(17.11.2-1build1)
|
|
| cosmic |
Not vulnerable
(17.11.2-1build1)
|
|
| disco |
Not vulnerable
(17.11.2-1build1)
|
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(19.05.3.2-2)
|
|
| impish |
Does not exist
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Released
(16.05.11, 17.02.9, 17.11.0rc2)
|
|
| zesty |
Ignored
(end of life)
|
|
| groovy |
Not vulnerable
(19.05.3.2-2)
|
|
| hirsute |
Does not exist
|
|
| jammy |
Does not exist
|
|
| xenial |
Released
(15.08.7-1ubuntu0.1~esm3)
Available with Ubuntu Pro |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |