Oct 18, 2018 - 6:20 a.m.

Security Bulletin: IBM Spectrum LSF is affected by a privilege escalation vulnerability

2018-10-18 06:20:02
www.ibm.com

EPSS: 0.0004 (Low), percentile 5.1%

Summary

IBM Spectrum LSF has addressed the following vulnerability. The eauth executable file has been enhanced to prevent the preloading of getuid, so that users cannot change their job user at job submission time.

Vulnerability Details

CVEID: CVE-2018-1724
DESCRIPTION: IBM Spectrum LSF 9.1.1, 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147439> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected IBM Platform LSF | Affected Versions
---|---
IBM Spectrum LSF | 10.1
IBM Spectrum LSF | 9.1.1
IBM Spectrum LSF | 9.1.2
IBM Spectrum LSF | 9.1.3

Remediation/Fixes

Product | VRMF | APAR | Remediation / First Fix
---|---|---|---
IBM Spectrum LSF | 10.1 | P102716 | http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF&release=All&platform=All&function=fixId&fixids=lsf-10.1-build501633&includeSupersedes=0
IBM Spectrum LSF | 9.1.1 | P102716 | http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+LSF&release=All&platform=All&function=fixId&fixids=lsf-9.1.1-build501933&includeSupersedes=0
IBM Spectrum LSF | 9.1.2 | P102716 | http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+LSF&release=All&platform=All&function=fixId&fixids=lsf-9.1.2-build501919&includeSupersedes=0
IBM Spectrum LSF | 9.1.3 | P102716 | http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+LSF&release=All&platform=All&function=fixId&fixids=lsf-9.1.3-build501909&includeSupersedes=0

Workarounds and Mitigations

Workaround: Create an eauth key in the /etc/lsf.sudoers file on each host.
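
One way to audit that the workaround is in place on a host, as an added example that is not part of IBM's bulletin. It assumes the key is set through the `LSF_EAUTH_KEY` parameter and that `lsf.sudoers` should be owned by root with no group or other access; neither detail is stated on this page.

```bash
#!/usr/bin/env bash
# Added example: audit the eauth-key workaround on one host.
# Assumptions (not stated in the bulletin): the key is defined with the
# LSF_EAUTH_KEY parameter, and the file must be root-owned and private.

# check_eauth_key [FILE] [EXPECTED_UID]
# Returns: 0 = ok, 1 = file missing/unreadable,
#          2 = wrong owner or group/other access, 3 = no key defined.
check_eauth_key() {
    local file="${1:-/etc/lsf.sudoers}"
    local want_uid="${2:-0}"
    local meta mode uid key

    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    # GNU stat: octal mode and numeric owner. The key is a shared secret,
    # so any group/other permission bit exposes it to local users.
    meta=$(stat -c '%a %u' "$file") || return 1
    mode=${meta% *}
    uid=${meta#* }
    case "$mode" in
        [0-7]00) ;;
        *) echo "PERMS   $file mode=$mode (group/other access)"; return 2 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER   $file uid=$uid (want $want_uid)"
        return 2
    fi

    # Take the last uncommented assignment found (this script's choice);
    # strip trailing whitespace and optional surrounding double quotes.
    key=$(sed -n 's/^[[:space:]]*LSF_EAUTH_KEY[[:space:]]*=[[:space:]]*//p' "$file" \
          | tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/')
    if [ -z "$key" ]; then
        echo "NOKEY   $file defines no LSF_EAUTH_KEY value"
        return 3
    fi

    # Report presence only; never echo the key itself.
    echo "OK      $file defines LSF_EAUTH_KEY"
    return 0
}

# Usage on a host (as root): check_eauth_key /etc/lsf.sudoers
```

Because the workaround must be applied on each host, run the function on every host in the cluster and treat any non-zero return as a host still needing the key or the fix.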

CPE Name | Operator | Version
---|---|---
ibm spectrum lsf | eq | any
