Privilege Escalation via LSF_EAUTH_UID Environment Variable

Privilege Escalation via LSF_EAUTH_UID Environment Variable

CVE-2004-0318 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.

Learn more about our User Device Pen Test.