ID CVE-2018-10995
Summary SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).
References
Vulnerable Configurations
  • SchedMD Slurm 17.02.10.1
    cpe:2.3:a:schedmd:slurm:17.02.10.1
  • SchedMD Slurm 17.11.0.0 Pre 1
    cpe:2.3:a:schedmd:slurm:17.11.0.0:pre1
  • SchedMD Slurm 17.11.0.0 Pre 2
    cpe:2.3:a:schedmd:slurm:17.11.0.0:pre2
  • SchedMD Slurm 17.11.0.0 Release Candidate 1
    cpe:2.3:a:schedmd:slurm:17.11.0.0:rc1
  • SchedMD Slurm 17.11.0.0 Release Candidate 2
    cpe:2.3:a:schedmd:slurm:17.11.0.0:rc2
  • SchedMD Slurm 17.11.0.0 Release Candidate 3
    cpe:2.3:a:schedmd:slurm:17.11.0.0:rc3
  • SchedMD Slurm 17.11.0.1
    cpe:2.3:a:schedmd:slurm:17.11.0.1
  • SchedMD Slurm 17.11.1.1
    cpe:2.3:a:schedmd:slurm:17.11.1.1
  • SchedMD Slurm 17.11.1.2
    cpe:2.3:a:schedmd:slurm:17.11.1.2
  • SchedMD Slurm 17.11.2.1
    cpe:2.3:a:schedmd:slurm:17.11.2.1
  • SchedMD Slurm 17.11.3.1
    cpe:2.3:a:schedmd:slurm:17.11.3.1
  • SchedMD Slurm 17.11.3.2
    cpe:2.3:a:schedmd:slurm:17.11.3.2
  • SchedMD Slurm 17.11.4.1
    cpe:2.3:a:schedmd:slurm:17.11.4.1
  • SchedMD Slurm 17.11.5.1
    cpe:2.3:a:schedmd:slurm:17.11.5.1
  • SchedMD Slurm 17.11.6.1
    cpe:2.3:a:schedmd:slurm:17.11.6.1
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-19
CAPEC
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of attack will result in a denial of service due to an application becoming unstable, freezing, or crashing. However, it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of attack will result in a denial of service due to an application becoming unstable, freezing, or crashing. However, it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-729.NASL
    description This update for slurm to version 17.11.7 fixes the following issues : This security issue was fixed : - CVE-2018-10995: Ensure correct handling of user names and group ids (bsc#1095508). These non-security issues were fixed : - CRAY - Add slurmsmwd to the contribs/cray dir - PMIX - Added the direct connect authentication. - Prevent the backup slurmctld from losing the active/available node features list on takeover. - Be able to force power_down of cloud node even if in power_save state. - Allow cloud nodes to be recognized in Slurm when booted out of band. - Notify srun and ctld when unkillable stepd exits. - Fixes daemonization in newly introduced slurmsmwd daemon. The following tracked packaging changes are included : - avoid postun error in libpmi0 (bsc#1100850) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 111100
    published 2018-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111100
    title openSUSE Security Update : slurm (openSUSE-2018-729)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1652-1.NASL
    description This update for slurm to version 17.02.11 fixes the following issues: This security issue was fixed : - CVE-2018-10995: Ensure proper handling of user names (aka user_name fields) and group ids (aka gid fields) (bsc#1095508). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120024
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120024
    title SUSE SLES12 Security Update : slurm (SUSE-SU-2018:1652-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1925-1.NASL
    description This update for slurm to version 17.11.7 fixes the following issues: This security issue was fixed : - CVE-2018-10995: Ensure correct handling of user names and group ids (bsc#1095508). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120039
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120039
    title SUSE SLES15 Security Update : slurm (SUSE-SU-2018:1925-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4254.NASL
    description Several vulnerabilities were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-7033 Incomplete sanitization of user-provided text strings could lead to SQL injection attacks against slurmdbd. - CVE-2018-10995 Insecure handling of user_name and gid fields leading to improper authentication handling.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 111316
    published 2018-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111316
    title Debian DSA-4254-1 : slurm-llnl - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-8F5A50E4D7.NASL
    description Security fix for CVE-2018-10995 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110428
    published 2018-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110428
    title Fedora 27 : slurm (2018-8f5a50e4d7)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1437.NASL
    description The security update for slurm-llnl introduced a regression in the fix for CVE-2018-10995 which broke accounting. For Debian 8 'Jessie', this problem has been fixed in version 14.03.9-5+deb8u4. We recommend that you upgrade your slurm-llnl packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 111222
    published 2018-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111222
    title Debian DLA-1437-2 : slurm-llnl regression update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D54C4F6452.NASL
    description Security fix for CVE-2018-10995 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120826
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120826
    title Fedora 28 : slurm (2018-d54c4f6452)
refmap via4
debian DSA-4254
misc
mlist
  • [debian-lts-announce] 20180721 [SECURITY] [DLA 1437-1] slurm-llnl security update
  • [debian-lts-announce] 20180808 [SECURITY] [DLA 1437-2] slurm-llnl regression update
Last major update 30-05-2018 - 16:29
Published 30-05-2018 - 16:29
Last modified 07-03-2019 - 13:37