FKIE_CVE-2010-3380
Vulnerability from fkie_nvd - Published: 2010-09-29 17:00 - Updated: 2026-06-16 23:22
Severity
Summary
The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| llnl | slurm | * | |
| llnl | slurm | 1.3.10 | |
| llnl | slurm | 1.3.11 | |
| llnl | slurm | 1.3.12 | |
| llnl | slurm | 1.3.13 | |
| llnl | slurm | 1.3.14 | |
| llnl | slurm | 1.3.15 | |
| llnl | slurm | 2.0.0 | |
| llnl | slurm | 2.0.1 | |
| llnl | slurm | 2.0.2 | |
| llnl | slurm | 2.0.3 | |
| llnl | slurm | 2.0.4 | |
| llnl | slurm | 2.0.5 | |
| llnl | slurm | 2.0.6 | |
| llnl | slurm | 2.0.7 | |
| llnl | slurm | 2.0.8 | |
| llnl | slurm | 2.0.9 | |
| llnl | slurm | 2.1.0 | |
| llnl | slurm | 2.1.1 | |
| llnl | slurm | 2.1.2 | |
| llnl | slurm | 2.1.4 | |
| llnl | slurm | 2.1.5 | |
| llnl | slurm | 2.1.6 | |
| llnl | slurm | 2.1.7 | |
| llnl | slurm | 2.1.8 | |
| llnl | slurm | 2.1.9 | |
| llnl | slurm | 2.1.10 | |
| llnl | slurm | 2.1.11 | |
| llnl | slurm | 2.1.12 |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:llnl:slurm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D518FA8-DF9C-4F3B-BB4C-912CA7A86437",
"versionEndIncluding": "2.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5AE726-573F-42BF-A3B0-DDDC04983318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "73158CC3-2D7D-45CA-9CF1-5681E2F2B3B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "92E2C20C-65D2-457F-B3C6-9BD3955B2491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E5EBEA0E-EC65-4723-9FB3-5477C323B8EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8ADC3B-B282-4CD7-8676-3336E7A0186C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:1.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F58756A3-50B2-4BA3-BE54-1E1939C8FF62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07D44DC4-8AED-42DF-9D89-C58B64DC429A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26C5BE27-D112-44D7-947B-4452E8A2B1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC65A02-EFE9-4D4E-A3A0-255A129CB506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9428EDAF-1BF4-422B-8508-D230FB44EB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B59C3482-49F1-4B0F-A886-ED1009F2F84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0905848-36CB-4182-9B66-EFCAB7F81E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6488CDA2-954A-45E0-875F-4DBAAC44F91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFCDF1A-9292-4C3F-88B0-20DFA2D1BDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBA6D0A-072B-4BFD-A48F-E0364AE71ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AF69D6F6-87D8-4DE3-B200-FD430E4A97CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1E504DB-274E-46AE-83C1-7B912C2ED1E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "929811EA-399E-42A3-B68C-416B8C90600F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F5726226-F2A8-42DC-AE33-082080A9F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B8562C62-819E-40A9-99C5-111532AA9725",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D62E2D28-F36E-4BFC-85B4-9BDD787EE3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F99F81D1-B6FB-436A-A0AE-29F2DBA2B07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAE61AE-BA38-4569-ADAB-2544088D5A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFB71C6-B415-49CB-AAF2-4798D77CA9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "95965877-464D-4557-A7D7-0203014011A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCB7A5C-1FFB-4C64-BEDC-D11CA7E5BD9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "29B26745-83A6-4D13-8332-3EB6E2FDB216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:llnl:slurm:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7E841E17-2671-4113-BE97-F3C4CC480122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
},
{
"lang": "es",
"value": "Los scripts (1) init.d/slurm y (2) init.d/slurmdbd en SLURM anterior a v2.1.14 colocan el directorio . (punto) en el LD_LIBRARY_PATH, lo cual permite a usuarios locales conseguir privilegios a trav\u00e9s de una biblioteca compartida Troyanizada en el directorio de trabajo actual."
}
],
"id": "CVE-2010-3380",
"lastModified": "2026-06-16T23:22:40.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-29T17:00:05.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41614"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/43537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43537"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…