Vulnerabilities > CVE-2016-10030 - Improper Access Control vulnerability in Schedmd Slurm

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

schedmd

CWE-284

nessus

NVD

Published: 2017-01-05

Updated: 2024-11-21

Summary

The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 ("success") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue.

Vulnerable Configurations

Part	Description	Count
Application	Schedmd Schedmd Slurm 17.02.0 Schedmd Slurm 16.05.0 Schedmd Slurm 16.05.1 Schedmd Slurm 16.05.3 Schedmd Slurm 16.05.6 Schedmd Slurm 1.0.0.1 Schedmd Slurm 1.0.1.1 Schedmd Slurm 1.0.2.1 Schedmd Slurm 1.0.3.1 Schedmd Slurm 1.0.4.1 Schedmd Slurm 1.0.5.1 Schedmd Slurm 1.0.6.1 Schedmd Slurm 1.0.7.1 Schedmd Slurm 1.0.8.1 Schedmd Slurm 1.0.9.1 Schedmd Slurm 1.0.10.1 Schedmd Slurm 1.0.11.1 Schedmd Slurm 1.0.12.1 Schedmd Slurm 1.0.13.1 Schedmd Slurm 1.0.14.1 Schedmd Slurm 1.0.15.1 Schedmd Slurm 1.0.16.1 Schedmd Slurm 1.0.17.1 Schedmd Slurm 1.1.0.1 Schedmd Slurm 1.1.1.1 Schedmd Slurm 1.1.2.1 Schedmd Slurm 1.1.3.1 Schedmd Slurm 1.1.4.1 Schedmd Slurm 1.1.5.1 Schedmd Slurm 1.1.6.1 Schedmd Slurm 1.1.7.1 Schedmd Slurm 1.1.8.1 Schedmd Slurm 1.1.9.1 Schedmd Slurm 1.1.10.1 Schedmd Slurm 1.1.11.1 Schedmd Slurm 1.1.12.1 Schedmd Slurm 1.1.12.2 Schedmd Slurm 1.1.13.1 Schedmd Slurm 1.1.14.1 Schedmd Slurm 1.1.15.1 Schedmd Slurm 1.1.16.1 Schedmd Slurm 1.1.17.1 Schedmd Slurm 1.1.18.1 Schedmd Slurm 1.1.19.1 Schedmd Slurm 1.1.20.1 Schedmd Slurm 1.1.21.1 Schedmd Slurm 1.1.22.1 Schedmd Slurm 1.1.23.1 Schedmd Slurm 1.1.24.1 Schedmd Slurm 1.1.25.1 Schedmd Slurm 1.1.26.1 Schedmd Slurm 1.1.27.1 Schedmd Slurm 1.1.28.1 Schedmd Slurm 1.1.29.1 Schedmd Slurm 1.1.30.1 Schedmd Slurm 1.1.31.1 Schedmd Slurm 1.1.32.1 Schedmd Slurm 1.1.33.1 Schedmd Slurm 1.1.34.1 Schedmd Slurm 1.1.35.1 Schedmd Slurm 1.1.36.1 Schedmd Slurm 1.2.0.1 Schedmd Slurm 1.2.1.1 Schedmd Slurm 1.2.2.1 Schedmd Slurm 1.2.3.1 Schedmd Slurm 1.2.4.1 Schedmd Slurm 1.2.5.1 Schedmd Slurm 1.2.6.1 Schedmd Slurm 1.2.7.1 Schedmd Slurm 1.2.8.1 Schedmd Slurm 1.2.9.1 Schedmd Slurm 1.2.10.1 Schedmd Slurm 1.2.11.1 Schedmd Slurm 1.2.12.1 Schedmd Slurm 1.2.13.1 Schedmd Slurm 1.2.14.1 Schedmd Slurm 1.2.15.1 Schedmd Slurm 1.2.16.1 Schedmd Slurm 1.2.17.1 Schedmd Slurm 1.2.18.1 Schedmd Slurm 1.2.19.1 Schedmd Slurm 1.2.20.1 Schedmd Slurm 1.2.21.1 Schedmd Slurm 1.2.22.1 Schedmd Slurm 1.2.23.1 Schedmd Slurm 1.2.24.1 Schedmd Slurm 1.2.25.1 Schedmd Slurm 1.2.26.1 Schedmd Slurm 1.2.27.1 Schedmd Slurm 1.2.28.1 Schedmd Slurm 1.2.29.1 Schedmd Slurm 1.2.30.1 Schedmd Slurm 1.2.31.1 Schedmd Slurm 1.2.32.1 Schedmd Slurm 1.2.33.1 Schedmd Slurm 1.2.34.1 Schedmd Slurm 1.2.35.1 Schedmd Slurm 1.3.0.1 Schedmd Slurm 1.3.1.1 Schedmd Slurm 1.3.2.1 Schedmd Slurm 1.3.3.1 Schedmd Slurm 1.3.4.1 Schedmd Slurm 1.3.5.1 Schedmd Slurm 1.3.6.1 Schedmd Slurm 1.3.7.1 Schedmd Slurm 1.3.8.1 Schedmd Slurm 1.3.8.2 Schedmd Slurm 1.3.8.3 Schedmd Slurm 1.3.8.4 Schedmd Slurm 1.3.8.5 Schedmd Slurm 1.3.9.1 Schedmd Slurm 1.3.10.1 Schedmd Slurm 1.3.11.1 Schedmd Slurm 1.3.12.1 Schedmd Slurm 1.3.13.1 Schedmd Slurm 1.3.14.1 Schedmd Slurm 1.3.14.2 Schedmd Slurm 1.3.14.3 Schedmd Slurm 1.3.14.4 Schedmd Slurm 1.3.14.5 Schedmd Slurm 1.3.15.1 Schedmd Slurm 1.3.15.2 Schedmd Slurm 1.3.15.3 Schedmd Slurm 1.3.16.1 Schedmd Slurm 2.0.0.1 Schedmd Slurm 2.0.0.2 Schedmd Slurm 2.0.0.3 Schedmd Slurm 2.0.1.1 Schedmd Slurm 2.0.2.1 Schedmd Slurm 2.0.3.1 Schedmd Slurm 2.0.4.1 Schedmd Slurm 2.0.5.1 Schedmd Slurm 2.0.6.1 Schedmd Slurm 2.0.6.2 Schedmd Slurm 2.0.6.3 Schedmd Slurm 2.0.7.1 Schedmd Slurm 2.0.8.1 Schedmd Slurm 2.0.9.1 Schedmd Slurm 2.1.0.1 Schedmd Slurm 2.1.1.1 Schedmd Slurm 2.1.2.1 Schedmd Slurm 2.1.3.1 Schedmd Slurm 2.1.3.2 Schedmd Slurm 2.1.4.1 Schedmd Slurm 2.1.5.1 Schedmd Slurm 2.1.6.1 Schedmd Slurm 2.1.6.2 Schedmd Slurm 2.1.7.1 Schedmd Slurm 2.1.8.1 Schedmd Slurm 2.1.8.2 Schedmd Slurm 2.1.9.1 Schedmd Slurm 2.1.10.1 Schedmd Slurm 2.1.11.1 Schedmd Slurm 2.1.11.2 Schedmd Slurm 2.1.12.1 Schedmd Slurm 2.1.12.2 Schedmd Slurm 2.1.13.1 Schedmd Slurm 2.1.14.1 Schedmd Slurm 2.1.15.1 Schedmd Slurm 2.1.15.2 Schedmd Slurm 2.1.16.1 Schedmd Slurm 2.1.17.1 Schedmd Slurm 2.2.0.1 Schedmd Slurm 2.2.1.1 Schedmd Slurm 2.2.1.2 Schedmd Slurm 2.2.2.1 Schedmd Slurm 2.2.3.1 Schedmd Slurm 2.2.4.1 Schedmd Slurm 2.2.5.1 Schedmd Slurm 2.2.6.1 Schedmd Slurm 2.2.7.1 Schedmd Slurm 2.3.0.0 Schedmd Slurm 2.3.0.1 Schedmd Slurm 2.3.0.2 Schedmd Slurm 2.3.1 Schedmd Slurm 2.3.1.1 Schedmd Slurm 2.3.2 Schedmd Slurm 2.3.2.1 Schedmd Slurm 2.3.3 Schedmd Slurm 2.3.3.1 Schedmd Slurm 2.3.4 Schedmd Slurm 2.3.4.1 Schedmd Slurm 2.3.5 Schedmd Slurm 2.3.5.1 Schedmd Slurm 2.4.0 Schedmd Slurm 2.4.0.0 Schedmd Slurm 2.4.0.1 Schedmd Slurm 2.4.1 Schedmd Slurm 2.4.1.1 Schedmd Slurm 2.4.2 Schedmd Slurm 2.4.2.1 Schedmd Slurm 2.4.3 Schedmd Slurm 2.4.3.0 Schedmd Slurm 2.4.4 Schedmd Slurm 2.4.4.1 Schedmd Slurm 2.4.5.1 Schedmd Slurm 2.5.0 Schedmd Slurm 2.5.0.0 Schedmd Slurm 2.5.0.1 Schedmd Slurm 2.5.1.1 Schedmd Slurm 2.5.2 Schedmd Slurm 2.5.2.1 Schedmd Slurm 2.5.3 Schedmd Slurm 2.5.3.1 Schedmd Slurm 2.5.4 Schedmd Slurm 2.5.4.1 Schedmd Slurm 2.5.5 Schedmd Slurm 2.5.5.1 Schedmd Slurm 2.5.6 Schedmd Slurm 2.5.6.1 Schedmd Slurm 2.5.7 Schedmd Slurm 2.5.7.1 Schedmd Slurm 2.6.0 Schedmd Slurm 2.6.0.1 Schedmd Slurm 2.6.1 Schedmd Slurm 2.6.1.1 Schedmd Slurm 2.6.2 Schedmd Slurm 2.6.2.1 Schedmd Slurm 2.6.3 Schedmd Slurm 2.6.3.1 Schedmd Slurm 2.6.4 Schedmd Slurm 2.6.4.1 Schedmd Slurm 2.6.5 Schedmd Slurm 2.6.5.1 Schedmd Slurm 2.6.6 Schedmd Slurm 2.6.6.1 Schedmd Slurm 2.6.6.2 Schedmd Slurm 2.6.7 Schedmd Slurm 2.6.7.1 Schedmd Slurm 2.6.8.1 Schedmd Slurm 2.6.9.1 Schedmd Slurm 13.12.0.0 Schedmd Slurm 14.03.0.0 Schedmd Slurm 14.03.0.1 Schedmd Slurm 14.03.1 Schedmd Slurm 14.03.1.1 Schedmd Slurm 14.03.1.2 Schedmd Slurm 14.03.2 Schedmd Slurm 14.03.2.1 Schedmd Slurm 14.03.3 Schedmd Slurm 14.03.3.1 Schedmd Slurm 14.03.3.2 Schedmd Slurm 14.03.4 Schedmd Slurm 14.03.4.1 Schedmd Slurm 14.03.4.2 Schedmd Slurm 14.03.5 Schedmd Slurm 14.03.5.1 Schedmd Slurm 14.03.6 Schedmd Slurm 14.03.6.1 Schedmd Slurm 14.03.7 Schedmd Slurm 14.03.7.1 Schedmd Slurm 14.03.8 Schedmd Slurm 14.03.8.1 Schedmd Slurm 14.03.9 Schedmd Slurm 14.03.9.1 Schedmd Slurm 14.03.10 Schedmd Slurm 14.03.10.1 Schedmd Slurm 14.03.11.1 Schedmd Slurm 14.11.0 Schedmd Slurm 14.11.0.0 Schedmd Slurm 14.11.0.1 Schedmd Slurm 14.11.1.1 Schedmd Slurm 14.11.2 Schedmd Slurm 14.11.2.1 Schedmd Slurm 14.11.3 Schedmd Slurm 14.11.3.1 Schedmd Slurm 14.11.4 Schedmd Slurm 14.11.4.1 Schedmd Slurm 14.11.5 Schedmd Slurm 14.11.5.1 Schedmd Slurm 14.11.6 Schedmd Slurm 14.11.6.1 Schedmd Slurm 14.11.7 Schedmd Slurm 14.11.7.1 Schedmd Slurm 14.11.8 Schedmd Slurm 14.11.8.1 Schedmd Slurm 14.11.9 Schedmd Slurm 14.11.9.1 Schedmd Slurm 14.11.10.1 Schedmd Slurm 14.11.11 Schedmd Slurm 14.11.11.1 Schedmd Slurm 15.08.0.0 Schedmd Slurm 15.08.0.1 Schedmd Slurm 15.08.1 Schedmd Slurm 15.08.1.1 Schedmd Slurm 15.08.2 Schedmd Slurm 15.08.2.1 Schedmd Slurm 15.08.3 Schedmd Slurm 15.08.3.1 Schedmd Slurm 15.08.4 Schedmd Slurm 15.08.4.1 Schedmd Slurm 15.08.5 Schedmd Slurm 15.08.5.1 Schedmd Slurm 15.08.6 Schedmd Slurm 15.08.6.1 Schedmd Slurm 15.08.7 Schedmd Slurm 15.08.7.1 Schedmd Slurm 15.08.8 Schedmd Slurm 15.08.8.1 Schedmd Slurm 15.08.9 Schedmd Slurm 15.08.9.1 Schedmd Slurm 15.08.10 Schedmd Slurm 15.08.10.1 Schedmd Slurm 15.08.11 Schedmd Slurm 15.08.11.1 Schedmd Slurm 15.08.12 Schedmd Slurm 16.05.2 Schedmd Slurm 16.05.4 Schedmd Slurm 16.05.5	366

Common Weakness Enumeration (CWE)

CWE-284 - Improper Access Control

Common Attack Pattern Enumeration and Classification (CAPEC)

Embedding Scripts within Scripts
An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0443-1.NASL
description	This update for pdsh, slurm_18_08 fixes the following issues : Slurm was included in the 18.08 release, as
last seen	2020-03-18
modified	2020-02-25
plugin id	134036
published	2020-02-25
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134036
title	SUSE SLED15 / SLES15 Security Update : pdsh, slurm_18_08 (SUSE-SU-2020:0443-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:0443-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(134036); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27"); script_cve_id("CVE-2016-10030", "CVE-2017-15566", "CVE-2018-10995", "CVE-2018-7033", "CVE-2019-12838", "CVE-2019-19727", "CVE-2019-19728", "CVE-2019-6438"); script_name(english:"SUSE SLED15 / SLES15 Security Update : pdsh, slurm_18_08 (SUSE-SU-2020:0443-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for pdsh, slurm_18_08 fixes the following issues : Slurm was included in the 18.08 release, as 'slurm_18_08' package. The version 18.08.9 contains all recent security fixes, including : CVE-2019-19728: Fixed a privilege escalation with srun, where --uid might have unintended side effects (bsc#1159692). CVE-2019-19727: Fixed permissions of slurmdbd.conf (bsc#1155784). pdsh was updated to: Add support for an alternative SLURM version when building the slurm plugin. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1018371" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065697" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085240" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1095508" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1123304" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1140709" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1155784" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158709" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158798" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159692" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-10030/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-15566/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-10995/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7033/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12838/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-19727/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-19728/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6438/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20200443-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f5e4d795" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-443=1 SUSE Linux Enterprise Module for HPC 15-SP1:zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-443=1 SUSE Linux Enterprise Module for HPC 15:zypper in -t patch SUSE-SLE-Module-HPC-15-2020-443=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-10030"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpmi0_18_08"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpmi0_18_08-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libslurm33"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libslurm33-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-dshgroup"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-dshgroup-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-genders"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-genders-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-machines"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-machines-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-netgroup"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-netgroup-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-slurm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-slurm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-slurm_18_08"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-slurm_18_08-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-slurm_18_08"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-slurm_18_08-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-auth-none"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-auth-none-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-config"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-lua"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-lua-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-munge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-munge-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-node"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-node-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-pam_slurm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-pam_slurm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-plugins-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-slurmdbd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-slurmdbd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-sql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-sql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-torque"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-torque-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/05"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15\|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0\|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-debugsource-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-dshgroup-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-dshgroup-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-genders-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-genders-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-machines-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-machines-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-netgroup-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-netgroup-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-slurm-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-slurm-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-slurm_18_08-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"pdsh-slurm_18_08-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-debugsource-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-dshgroup-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-dshgroup-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-genders-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-genders-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-machines-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-machines-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-netgroup-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-netgroup-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-slurm-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-slurm-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-slurm_18_08-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"pdsh-slurm_18_08-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libpmi0_18_08-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libpmi0_18_08-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libslurm33-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libslurm33-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-debugsource-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-dshgroup-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-dshgroup-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-genders-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-genders-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-machines-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-machines-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-netgroup-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-netgroup-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-slurm-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-slurm-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-slurm_18_08-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"pdsh-slurm_18_08-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-slurm_18_08-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-slurm_18_08-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-auth-none-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-auth-none-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-config-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-debugsource-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-devel-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-doc-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-lua-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-lua-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-munge-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-munge-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-node-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-node-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-pam_slurm-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-pam_slurm-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-plugins-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-plugins-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-slurmdbd-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-slurmdbd-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-sql-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-sql-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-torque-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"slurm_18_08-torque-debuginfo-18.08.9-1.5.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-debugsource-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-dshgroup-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-dshgroup-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-genders-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-genders-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-machines-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-machines-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-netgroup-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-netgroup-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-slurm-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-slurm-debuginfo-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-slurm_18_08-2.33-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"pdsh-slurm_18_08-debuginfo-2.33-7.6.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdsh / slurm_18_08"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0434-1.NASL
description	This update for pdsh, slurm_18_08 fixes the following issues : Slurm was included in the 18.08 release, as
last seen	2020-03-18
modified	2020-02-24
plugin id	133949
published	2020-02-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133949
title	SUSE SLES12 Security Update : pdsh, slurm_18_08 (SUSE-SU-2020:0434-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:0434-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(133949); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/26"); script_cve_id("CVE-2016-10030", "CVE-2017-15566", "CVE-2018-10995", "CVE-2018-7033", "CVE-2019-12838", "CVE-2019-19727", "CVE-2019-19728", "CVE-2019-6438"); script_name(english:"SUSE SLES12 Security Update : pdsh, slurm_18_08 (SUSE-SU-2020:0434-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for pdsh, slurm_18_08 fixes the following issues : Slurm was included in the 18.08 release, as 'slurm_18_08' package. The version 18.08.9 contains all recent security fixes, including : CVE-2019-19728: Fixed a privilege escalation with srun, where --uid might have unintended side effects (bsc#1159692). CVE-2019-19727: Fixed permissions of slurmdbd.conf (bsc#1155784). pdsh was updated to: Add support for an alternative SLURM version when building the slurm plugin. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1018371" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065697" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085240" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1095508" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1123304" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1140709" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1155784" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158709" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158798" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159692" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-10030/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-15566/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-10995/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7033/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12838/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-19727/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-19728/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-6438/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20200434-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?202a566d" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for HPC 12:zypper in -t patch SUSE-SLE-Module-HPC-12-2020-434=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-10030"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpmi0_18_08"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpmi0_18_08-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libslurm33"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libslurm33-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-dshgroup"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-dshgroup-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-genders"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-genders-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-machines"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-machines-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-netgroup"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-netgroup-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-slurm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-slurm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-slurm_18_08"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:pdsh-slurm_18_08-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-slurm_18_08"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-slurm_18_08-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-auth-none"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-auth-none-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-config"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-lua"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-lua-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-munge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-munge-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-node"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-node-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-pam_slurm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-pam_slurm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-plugins-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-slurmdbd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-slurmdbd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-sql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-sql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-torque"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:slurm_18_08-torque-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/05"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"libpmi0_18_08-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"libpmi0_18_08-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"libslurm33-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"libslurm33-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-debuginfo-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-debugsource-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-dshgroup-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-dshgroup-debuginfo-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-genders-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-genders-debuginfo-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-machines-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-machines-debuginfo-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-netgroup-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-netgroup-debuginfo-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-slurm-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-slurm-debuginfo-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-slurm_18_08-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"pdsh-slurm_18_08-debuginfo-2.33-7.18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"perl-slurm_18_08-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"perl-slurm_18_08-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-auth-none-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-auth-none-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-config-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-debugsource-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-devel-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-doc-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-lua-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-lua-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-munge-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-munge-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-node-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-node-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-pam_slurm-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-pam_slurm-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-plugins-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-plugins-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-slurmdbd-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-slurmdbd-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-sql-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-sql-debuginfo-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-torque-18.08.9-3.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"slurm_18_08-torque-debuginfo-18.08.9-3.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdsh / slurm_18_08"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-921.NASL
description	With this vulnerability arbitrary files can be overwritten on nodes running jobs provided that the user can run a job that is able to trigger a failure of a Prolog script. For Debian 7
last seen	2020-03-17
modified	2017-04-28
plugin id	99715
published	2017-04-28
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/99715
title	Debian DLA-921-1 : slurm-llnl security update
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-921-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(99715); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2016-10030"); script_name(english:"Debian DLA-921-1 : slurm-llnl security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "With this vulnerability arbitrary files can be overwritten on nodes running jobs provided that the user can run a job that is able to trigger a failure of a Prolog script. For Debian 7 'Wheezy', these problems have been fixed in version 2.3.4-2+deb7u1. We recommend that you upgrade your slurm-llnl packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2017/04/msg00040.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/slurm-llnl" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-slurm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpmi0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpmi0-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libslurm-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libslurm-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libslurm23"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libslurmdb-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libslurmdb-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libslurmdb23"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:slurm-llnl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:slurm-llnl-basic-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:slurm-llnl-basic-plugins-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:slurm-llnl-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:slurm-llnl-slurmdbd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:slurm-llnl-sview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:slurm-llnl-torque"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/04/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libpam-slurm", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libpmi0", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libpmi0-dev", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libslurm-dev", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libslurm-perl", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libslurm23", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libslurmdb-dev", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libslurmdb-perl", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libslurmdb23", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"slurm-llnl", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"slurm-llnl-basic-plugins", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"slurm-llnl-basic-plugins-dev", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"slurm-llnl-doc", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"slurm-llnl-slurmdbd", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"slurm-llnl-sview", reference:"2.3.4-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"slurm-llnl-torque", reference:"2.3.4-2+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References