Executive Summary



This alert is flagged as belonging to the CWE/SANS Top 25 Common Weakness Enumeration list.
Summary
Title : slurm-llnl security update

Information
Name : DSA-4572
Vendor : Debian
First vendor Publication : 2019-11-18
Last vendor Modification : 2019-11-18
Severity (Vendor) : N/A
Revision : 1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Cvss Impact Score : 6.4
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

It was discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, did not escape strings when importing an archive file into the accounting_storage/mysql backend, resulting in SQL injection.

For the stable distribution (buster), this problem has been fixed in version 18.08.5.2-1+deb10u1.

We recommend that you upgrade your slurm-llnl packages.

For the detailed security status of slurm-llnl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/slurm-llnl

Original Source

Url : http://www.debian.org/security/2019/dsa-4572

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-89
Name : Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type : Application
Count : 31

Alert History

Date : 2019-11-19 00:18:44
Information : First insertion