Tag Advisory

Advisories

Multiple IBM Spectrum LSF Authentication Vulnerabilities (Eauth) (CVE-2020-4983)

CVE: CVE-2020-4983
Severity: CVSS 9.6 (Critical)

This advisory details two closely related vulnerabilities affecting versions of Spectrum LSF which can allow an adversary to gain root access to a cluster.

John
2021-01-14

Advisories

BeeGFS Privilege Escalation (CVE-2019-15897)

A vulnerability exists in a default installation of BeeGFS which allows users to perform operations which allow them to elevate their privileges and become root. This is due to a failure to properly authenticate a user when performing filesystem operations.

John
2019-12-04
1 Comment

Advisories

PBS Professional MoM Authentication Bypass (CVE-2019-15719)

HPCsec have identified a vulnerability in PBS Pro which allows for arbitrary code execution on any node running the pbs_mom service. This vulnerability can be exploited by anyone in a position to communicate with the pbs_mom service from an authorized node within the cluster. Exploitation of this issue allows for arbitrary code execution as any other user including as root, even in installations where root is not permitted to submit jobs.

John
2019-10-08

Advisories

IBM Spectrum LSF Privilege Escalation

A vulnerability was identified within IBM Spectrum LSF which made it was possible to impersonate other users when submitting jobs for execution. Additionally, it was found to be possible to impersonate and execute jobs as root, even where root job submission is disabled.