Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.
Software | From | Fixed in |
---|---|---|
platform / lsf | 4.0 | 4.0.x |
platform / lsf | 4.2 | 4.2.x |
platform / lsf | 5.0 | 5.0.x |
platform / lsf | 5.1 | 5.1.x |
platform / lsf | 6.0 | 6.0.x |