UBUNTU-CVE-2023-49935

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-49935

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-49935.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-49935

Related

CVE-2023-49935

Published

2023-12-14T05:15:00Z

Modified

2024-12-18T16:33:28Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1.

References

Affected packages

Ubuntu:Pro:14.04:LTS / slurm-llnl

Package

Name: slurm-llnl
Purl: pkg:deb/ubuntu/slurm-llnl?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.7-1

2.5.7-1build1

2.6.4-1ubuntu1

2.6.5-1

2.6.5-1ubuntu0.1~esm4

2.6.5-1ubuntu0.1~esm5

2.6.5-1ubuntu0.1~esm6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / slurm-llnl

Package

Name: slurm-llnl
Purl: pkg:deb/ubuntu/slurm-llnl?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

14.*

14.11.8-4

15.*

15.08.4-1build1

15.08.4-1build2

15.08.7-1

15.08.7-1build1

15.08.7-1ubuntu0.1~esm3

15.08.7-1ubuntu0.1~esm4

15.08.7-1ubuntu0.1~esm5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / slurm-llnl

Package

Name: slurm-llnl
Purl: pkg:deb/ubuntu/slurm-llnl?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

17.*

17.02.6-1build1

17.02.9-1

17.11.2-1build1

17.11.2-1ubuntu0.1~esm3

17.11.2-1ubuntu0.1~esm4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / slurm-llnl

Package

Name: slurm-llnl
Purl: pkg:deb/ubuntu/slurm-llnl?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

19.*

19.05.3.2-2

19.05.3.2-2build1

19.05.5-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / slurm-wlm

Package

Name: slurm-wlm
Purl: pkg:deb/ubuntu/slurm-wlm?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.11.7+really20.11.4-2

21.*

21.08.5-1

21.08.5-1.1

21.08.5-2

21.08.5-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / slurm-wlm

Package

Name: slurm-wlm
Purl: pkg:deb/ubuntu/slurm-wlm?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

23.*

23.11.4-1.2ubuntu5

23.11.7-1

24.*

24.05.2-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / slurm-wlm

Package

Name: slurm-wlm
Purl: pkg:deb/ubuntu/slurm-wlm?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

23.*

23.02.3-2ubuntu1

23.02.6-1ubuntu2

23.02.6-1ubuntu3

23.11.3-1ubuntu1

23.11.3-2ubuntu1

23.11.3-2ubuntu2

23.11.4-1.2ubuntu4

23.11.4-1.2ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}