Load Sharing Facility eauth component could allow attacker to hijack other user's process

lsf-eauth-process-hijack (15278) The risk level is classified as Medium Risk

Description:

Platform Computing's Load Sharing Facility (LSF) could allow a remote attacker, from within an LSF cluster, to hijack another user's process, caused by a vulnerability in the eauth authentication component. A remote attacker, with knowledge of another user's authentication information, could submit and control jobs as the other user.


Consequences:

Gain Access

Remedy:

Apply the patch for this vulnerability, available from the Platform Computing Inc. Web site. See References.

References:

  • Full-Disclosure Mailing List, Mon Feb 23 2004 - 06:57:44 CST: LSF eauth vulnerability leads to a possibility of controlling cluster jobs on behalf of other users.
  • Platform Computing Inc. Web site: Platform Computing - Support Services.
  • BID-9724: Platform Load Sharing Facility EAuth Privilege Escalation Vulnerability
  • CVE-2004-0318: Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.
  • OSVDB ID: 6812: Load Sharing Facility LSF_EAUTH_UID Variable Privilege Escalation

Platforms Affected:

  • Platform Computing LSF 4.x
  • Platform Computing LSF 5.x
  • Platform Computing LSF 6.x

Reported:

Feb 23, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com