Platform LSF "eauth" Component Vulnerabilities
SECUNIA ADVISORY ID:
SA10969
VERIFY ADVISORY:
http://secunia.com/advisories/10969/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, ID Spoofing, Privilege escalation, System access
WHERE:
From local network
SOFTWARE:
Platform LSF 6.x
Platform LSF 5.x
Platform LSF 4.x
DESCRIPTION:
Tomasz Grabowski has reported some vulnerabilities in Platform LSF, which can be exploited by malicious people to impersonate other users, gain escalated privileges, and potentially compromise a vulnerable system.
- It is possible to communicate with LSF while impersonating another user due to an authentication error in the eauth component. The problem is that a UID specified in the "LSF_EAUTH_UID" environment variable may be used instead of the user's real UID when performing actions on an LSF cluster.
This reportedly makes it possible to submit and control jobs (some with administrative privileges) as another user within an LSF cluster.
- A boundary error in the eauth component allows malicious users to gain escalated privileges or compromise a system within an LSF cluster when eauth runs in "-s" mode. This can be exploited to cause a buffer overflow by supplying an overly long input string to the "LSF_From_PC" parameter.
This allows execution of arbitrary code with administrative privileges.
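Both issues come down to a privileged helper trusting caller-controlled input. The C example below is added here for illustration and is not Platform LSF code or the vendor's fix; `resolve_uid`, `copy_param`, `FROM_MAX` and the policy that only root may assert a different UID are assumptions.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define FROM_MAX 64 /* assumed buffer size; the real limit is not given in the advisory */

/* Strict decimal parse: no sign, no whitespace, no trailing bytes. */
static int parse_uid(const char *s, uid_t *out)
{
    char *end;
    unsigned long v;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > 0x7fffffffUL) return -1;
    *out = (uid_t)v;
    return 0;
}

/*
 * Decide which UID an authentication helper may assert.
 * real_uid is what getuid() reports; env_uid is the caller-controlled override.
 * The override is honoured only if it equals the real UID or the caller is root
 * (assumed policy). Returns 0 and sets *asserted, or -1 to refuse the request.
 */
int resolve_uid(uid_t real_uid, const char *env_uid, uid_t *asserted)
{
    uid_t requested;
    *asserted = real_uid;
    if (env_uid == NULL) return 0;
    if (parse_uid(env_uid, &requested) != 0) return -1;
    if (requested != real_uid && real_uid != 0) return -1;
    *asserted = requested;
    return 0;
}

/* Copy an untrusted parameter into a FROM_MAX-byte buffer; reject, never truncate. */
int copy_param(char *dst, const char *src)
{
    const char *nul;
    if (src == NULL) return -1;
    nul = memchr(src, '\0', FROM_MAX); /* terminator must fall inside the buffer */
    if (nul == NULL) return -1;
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}
```

In a real helper, `real_uid` would come from `getuid()` and both strings from the environment or the incoming request.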
SOLUTION:
The vendor has reportedly issued patches and knowledge base articles ("KB1-5T4XV" and "KB1-5RZI1").
PROVIDED AND/OR DISCOVERED BY:
Tomasz Grabowski
