Published: 30/05/2018 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

SchedMD Slurm prior to 17.02.11 and 17.1x.x prior to 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

Vulnerable Product	Search on Vulmon	Subscribe to Product
schedmd slurm 17.11.3.2
schedmd slurm 17.11.4.1
schedmd slurm 17.11.5.1
schedmd slurm 17.11.6.1
schedmd slurm 17.11.0.0
schedmd slurm 17.11.0.1
schedmd slurm 17.11.1.2
schedmd slurm 17.11.3.1
schedmd slurm
schedmd slurm 17.11.1.1
schedmd slurm 17.11.2.1
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #900548 slurm-llnl: CVE-2018-10995: Insecure handling of username and gid fields Package: src:slurm-llnl; Maintainer for src:slurm-llnl is Debian HPC Team <debian-hpc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 1 Jun 2018 07:54:01 UTC Severity: grave T ...

Several vulnerabilities were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-7033 Incomplete sanitization of user-provided text strings could lead to SQL injection att ...

CWE-20 https://www.schedmd.com/news.php?id=203 https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html https://lists.debian.org/debian-lts-announce/2018/07/msg00029.html https://www.debian.org/security/2018/dsa-4254 https://lists.debian.org/debian-lts-announce/2018/08/msg00008.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900548 https://www.debian.org/security/./dsa-4254 https://nvd.nist.gov

CVE-2018-10995

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect