Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-15566
HistoryNov 01, 2017 - 12:00 a.m.

CVE-2017-15566

2017-11-0100:00:00
ubuntu.com
ubuntu.com
18

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.9%

Insecure SPANK environment variable handling exists in SchedMD Slurm before
16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing
privilege escalation to root during Prolog or Epilog execution.

Bugs

Notes

Author Note
msalvatore “This issue affects all Slurm versions from 15.08.0”
OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchslurm-llnl< 15.08.7-1ubuntu0.1~esm3UNKNOWN

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.9%