
Bug 942684 (CVE-2024-48936)

Summary: sys-cluster/slurm: Incorrect Authorization
Product: Gentoo Security Reporter: foufou33
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: ajak, alexxy, cluster, heroxbd
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://security-tracker.debian.org/tracker/CVE-2024-48936
Whiteboard: B1 [ebuild]
Package list:
Runtime testing required: ---

Description foufou33 2024-11-01 20:27:59 UTC
From Debian's security tracker:
Description: SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.

Upstream's release announcement is here:
https://www.schedmd.com/slurm-version-24-05-4-is-now-available/

Reproducible: Always
Comment 1 Hans de Graaff gentoo-dev Security 2024-11-11 10:32:44 UTC
I have removed the version number from the summary because we use that to refer to fixed versions in Gentoo, and there is no such version right now.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2025-03-23 08:41:15 UTC
Ping, Benda?
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2025-03-23 08:43:26 UTC
(In reply to John Helmert III from comment #2)
> Ping, Benda?

Please also add yourself as a maintainer (and perhaps remove the other maintainers) if you're going to take responsibility for this package.