IBM Spectrum LSF has addressed the following vulnerability. Enhancing the eauth executable file to prevent the preloading of getuid to avoid the users changing their job user at job submission time.
CVEID:CVE-2018-1724 **DESCRIPTION:*IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147439> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected IBM Platform LSF
|
Affected Versions
—|—
IBM Spectrum LSF
|
10.1
IBM Spectrum LSF
|
9.1.1
IBM Spectrum LSF
|
9.1.2
IBM Spectrum LSF
|
9.1.3
Product
|
VRMF
|
APAR
|
Remediation / First Fix
—|—|—|—
IBM Spectrum LSF
|
10.1
|
P102716
|
IBM Spectrum LSF
|
9.1.1
|
P102716
|
IBM Spectrum LSF
|
9.1.2
|
P102716
|
IBM Spectrum LSF
|
9.1.3
|
P102716
|
Workaround: Create eauth key in /etc/lsf.sudoers file on each host.
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum lsf | eq | any |