Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0748

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2014-0748
Last Modified 30 Dec 2014 06:22:17
Published 26 Dec 2014 09:59:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-0748

Summary

apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.

Vulnerable Systems

Operating System

  • Cray Linux Environment 4.2

  • Cray Linux Environment 5.1


References

MISC - https://labs.mwrinfosecurity.com/advisories/2014/01/31/cray-aprunapinit-privilege-escalation/


Last Updated: 27 May 2016 11:07:22