Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0318

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0318
Last Modified 05 Sep 2008 04:38:06
Published 23 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0318

Summary

Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.

Vulnerable Systems

Application

  • Platform Lsf 4.0

  • Platform Lsf 4.2

  • Platform Lsf 5.0

  • Platform Lsf 5.1

  • Platform Lsf 6.0


References

BID - 9724

BUGTRAQ - 20040223 Lam3rZ Security Advisory #2/2004: LSF eauth vulnerability leads to a possibility of controlling cluster jobs on behalf of other users

XF - lsf-eauth-process-hijack(15278)


Last Updated: 27 May 2016 10:38:34