Slurm could be made to send data to an arbitrary unix socket on the host.
Software Description:
- slurm-llnl: Simple Linux Utility for Resource Management
Details:
It was discovered that Slurm did not properly handle access control when
dealing with RPC traffic through PMI2 and PMIx, which could allow an
unprivileged user to send data to an arbitrary unix socket on the host.
An attacker could possibly use this issue to execute arbitrary code as
the root user.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
  libpam-slurm 17.11.2-1ubuntu0.1~esm5 (Available with Ubuntu Pro)
  libpmi0 17.11.2-1ubuntu0.1~esm5 (Available with Ubuntu Pro)
  libpmi2-0 17.11.2-1ubuntu0.1~esm5 (Available with Ubuntu Pro)
  libslurm32 17.11.2-1ubuntu0.1~esm5 (Available with Ubuntu Pro)
  libslurmdb32 17.11.2-1ubuntu0.1~esm5 (Available with Ubuntu Pro)
  slurm-client 17.11.2-1ubuntu0.1~esm5 (Available with Ubuntu Pro)
  slurm-wlm 17.11.2-1ubuntu0.1~esm5 (Available with Ubuntu Pro)
  slurmctld 17.11.2-1ubuntu0.1~esm5 (Available with Ubuntu Pro)
  slurmd 17.11.2-1ubuntu0.1~esm5 (Available with Ubuntu Pro)
  slurmdbd 17.11.2-1ubuntu0.1~esm5 (Available with Ubuntu Pro)
Ubuntu 16.04 LTS
  libpam-slurm 15.08.7-1ubuntu0.1~esm6 (Available with Ubuntu Pro)
  libpmi0 15.08.7-1ubuntu0.1~esm6 (Available with Ubuntu Pro)
  libslurm29 15.08.7-1ubuntu0.1~esm6 (Available with Ubuntu Pro)
  libslurmdb29 15.08.7-1ubuntu0.1~esm6 (Available with Ubuntu Pro)
  slurm-client 15.08.7-1ubuntu0.1~esm6 (Available with Ubuntu Pro)
  slurm-llnl 15.08.7-1ubuntu0.1~esm6 (Available with Ubuntu Pro)
  slurm-wlm 15.08.7-1ubuntu0.1~esm6 (Available with Ubuntu Pro)
  slurmctld 15.08.7-1ubuntu0.1~esm6 (Available with Ubuntu Pro)
  slurmd 15.08.7-1ubuntu0.1~esm6 (Available with Ubuntu Pro)
  slurmdbd 15.08.7-1ubuntu0.1~esm6 (Available with Ubuntu Pro)
Ubuntu 14.04 LTS
  libpam-slurm 2.6.5-1ubuntu0.1~esm7 (Available with Ubuntu Pro)
  libpmi0 2.6.5-1ubuntu0.1~esm7 (Available with Ubuntu Pro)
  libslurm26 2.6.5-1ubuntu0.1~esm7 (Available with Ubuntu Pro)
  libslurmdb26 2.6.5-1ubuntu0.1~esm7 (Available with Ubuntu Pro)
  slurm-llnl 2.6.5-1ubuntu0.1~esm7 (Available with Ubuntu Pro)
After a standard system update you need to restart Slurm to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-8197-1
CVE-2022-29501