CVE-2017-15566 - Untrusted Search Path vulnerability in SchedMD Slurm
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging/Manipulating Configuration File Search Paths: This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program like a path variable or classpath. J2EE applications and other component based applications that are built from multiple binaries can have a very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker. A standard UNIX path looks similar to this If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers' behalf: This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.
Nessus
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2017-3311-1.NASL
  description: This update for slurm fixes the following issues: Slurm was updated to 17.02.9 to fix a security bug, bringing new features and bugfixes (fate#323998 bsc#1067580). Security issue fixed : - CVE-2017-15566: Fix security issue in Prolog and Epilog by always prepending SPANK_ to all user-set environment variables. (bsc#1065697) Changes in 17.02.9 : - When resuming powered down nodes, mark DOWN nodes right after ResumeTimeout has been reached (previous logic would wait about one minute longer). - Fix sreport not showing full column name for TRES Count. - Fix slurmdb_reservations_get() giving wrong usage data when job
  last seen: 2020-03-24
  modified: 2019-01-02
  plugin id: 120011
  published: 2019-01-02
  reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/120011
  title: SUSE SLES12 Security Update : slurm (SUSE-SU-2017:3311-1)

- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-4023.NASL
  description: Ryan Day discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, does not properly handle SPANK environment variables, allowing a user permitted to submit jobs to execute code as root during the Prolog or Epilog. All systems using a Prolog or Epilog script are vulnerable, regardless of whether SPANK plugins are in use.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 104442
  published: 2017-11-08
  reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/104442
  title: Debian DSA-4023-1 : slurm-llnl - security update

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2020-0443-1.NASL
  description: This update for pdsh, slurm_18_08 fixes the following issues : Slurm was included in the 18.08 release, as
  last seen: 2020-03-18
  modified: 2020-02-25
  plugin id: 134036
  published: 2020-02-25
  reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/134036
  title: SUSE SLED15 / SLES15 Security Update : pdsh, slurm_18_08 (SUSE-SU-2020:0443-1)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2020-0434-1.NASL
  description: This update for pdsh, slurm_18_08 fixes the following issues : Slurm was included in the 18.08 release, as
  last seen: 2020-03-18
  modified: 2020-02-24
  plugin id: 133949
  published: 2020-02-24
  reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/133949
  title: SUSE SLES12 Security Update : pdsh, slurm_18_08 (SUSE-SU-2020:0434-1)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2017-4DAD5165DC.NASL
  description: Upstream version 17.02.9 closes privilege escalation issue [CVE-2017-15566](https://nvd.nist.gov/vuln/detail/CVE-2017-15566). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2018-01-15
  plugin id: 105873
  published: 2018-01-15
  reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/105873
  title: Fedora 27 : slurm (2017-4dad5165dc)