[QSA-0507183] slurmdbd vulnerability
Qlustar Security Advisory 0507183
May 7th, 2018

Summary:
The system could be made to run programs as an administrator, and accounting data could be lost.
Package(s)        : slurmdbd
Qlustar releases  : 10.0
Affected versions : All versions prior to this update
Vulnerability     : privilege escalation / data loss
Problem type      : local
Qlustar-specific  : no
CVE Id(s)         : CVE-2018-7033
Several issues were discovered with incomplete sanitization of user-provided text strings in the Slurm database daemon, which could potentially lead to SQL injection attacks against SlurmDBD itself. Such exploits could lead to a loss of accounting data, or escalation of user privileges on Qlustar clusters where Slurm is installed.
Update instructions:
The problem can be corrected by updating your system to the following Qlustar package versions in addition to the package versions mentioned in the upstream reports (follow the Qlustar Update Instructions, but note that the update only needs to be done on the cluster head-node):
slurmdbd 17.02.10-ql.1+xenial