CVE-2014-0748

CVE-2014-0748 affects Cray Aprun/Apinit on Cray supercomputers. The issue arises from the apinit service not validating the UID in launch messages received via aprun against the ALPS-authenticated UID, allowing a local user to escalate privileges to root on a compute node. Affected versions were ...

CVE-2014-0748

apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912...