Insecure UID Validation in apinit on Cray Devices (ID FN5912)

Insecure UID Validation in apinit on Cray Devices (ID FN5912)

CVE-2014-0748 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.

Learn more about our User Device Pen Test.