[QSA-1215232] Slurm vulnerabilities

Qlustar Security Advisory 1215232

December 15th, 2023

Summary:

Slurm vulnerabilities

Package(s)       : slurmctld,
                   slurmdbd,
				   qlustar-module-slurm-focal-amd64-12.0.3,
                   qlustar-module-slurm-jammy-amd64-13.1,
                   qlustar-module-slurm-centos8-amd64-13.1
Qlustar releases : 12.0, 13
Affected versions: All versions prior to this update
Vulnerability    : Privilege escalation
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : CVE-2023-49933, CVE-2023-49934, CVE-2023-49935, CVE-2023-49936,
                   CVE-2023-49937, CVE-2023-49938

Relevant to Qlustar 12.0 and 13

Ryan Hall (Meta Red Team X) discovered that there is improper enforcement of message integrity during transmission in a communication channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks (CVE-2023-49933).

The SchedMD team discovered that there is arbitrary SQL injection against SlurmDBD’s SQL database (CVE-2023-49934).

Ryan Hall discovered that there is incorrect access control because of a slurmd message integrity bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse (CVE-2023-49935).

Ryan Hall discovered that a NULL pointer dereference leads to denial of service (CVE-2023-49936).

Ryan Hall discovered that because of a double free, attackers can cause a denial of service or possibly execute arbitrary code (CVE-2023-49937).

Ryan Hall discovered that there is incorrect access control: An attacker can modify their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups (CVE-2023-49938).

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions:

For Qlustar 13

slurmctld                                  23.02.7-ql.1_amd64+13-jammy
slurmdbd                                   23.02.7-ql.1_amd64+13-jammy
qlustar-module-slurm-jammy-amd64-13.1      13.1.3-b569f1522
qlustar-module-slurm-centos8-amd64-13.1    13.1.3-b569f1522

For Qlustar 12.0

slurmctld                                  23.02.7-ql.1_amd64+12-focal
slurmdbd                                   23.02.7-ql.1_amd64+12-focal
qlustar-module-core-focal-amd64-12.0.3     12.0.3.2-b566f1523