Critical

CVE-2004-0318 - Unspecified vulnerability in Platform LSF

Publication: 2004-11-23
Summary

Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Platform LSF 4.0
  • Platform LSF 4.2
  • Platform LSF 5.0
  • Platform LSF 5.1
  • Platform LSF 6.0