CVE-2010-3380 in Slurm
Summary
by MITRE
The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Analysis
by VulDB Data Team • 07/28/2019
The vulnerability identified as CVE-2010-3380 affects the SLURM workload management system, specifically the System V init scripts that start the slurm and slurmdbd services. It exists in versions prior to 2.1.14 and is a classic untrusted search path flaw: the scripts themselves build an LD_LIBRARY_PATH value that the daemons inherit, and that value contains a directory an unprivileged user can control.
The technical flaw is that init.d/slurm and init.d/slurmdbd include the current working directory, written as a dot (.), in LD_LIBRARY_PATH. The dynamic linker searches every directory listed in LD_LIBRARY_PATH before the system default directories and the ld.so cache (only a DT_RPATH compiled into the binary takes precedence), so "." makes it look in whatever directory the process is running in for each shared object the daemon needs. The daemons inherit this environment when the script starts them, which means the search directory is simply the directory the administrator happened to be in when running the init script. A related trap in shell scripts, and the one behind many advisories from the same period, is appending to an unset variable (for example LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/some/dir), which yields a leading empty element that ld.so also treats as the current directory.
The operational impact is significant for systems running SLURM, particularly in multi-user clusters where privilege separation between users and the management daemons is the whole point. An attacker with a local account needs a directory they can write to from which a privileged user will later run the init script (a start or restart issued from /tmp or from the attacker's home directory is enough). There the attacker drops a shared object whose file name matches one in the daemon's dependency list, as shown by ldd; any NEEDED library qualifies, not just a SLURM plugin, because "." is searched before the real location. When the daemon starts, the linker maps the attacker's library and runs its constructor with the daemon's identity: root for slurmd, and the configured SlurmUser (which defaults to root) for slurmctld and slurmdbd. At minimum the attacker obtains the slurm service account and with it control over job scheduling and accounting for the entire cluster; where the daemon runs as root, the compromise is a full root escalation.
The weakness is CWE-426, "Untrusted Search Path". In ATT&CK terms the post-exploitation outcome is T1068, "Exploitation for Privilege Escalation", and the mechanism is T1574.006, "Hijack Execution Flow: Dynamic Linker Hijacking", which covers LD_PRELOAD and LD_LIBRARY_PATH abuse (the page originally cited T1548.001, but that sub-technique is Setuid and Setgid and does not describe this flaw). The attack chain is: local user writes a trojan library into a directory of their choosing, then waits for, or socially engineers, a service start or restart from that directory. The attacker needs no special privilege and can pre-stage the payload, but cannot usually trigger the restart themselves, so the exposure window is every privileged restart until the scripts are fixed. Organizations should upgrade to SLURM 2.1.14 or later, which removes the current directory from the LD_LIBRARY_PATH the init scripts construct; until then, administrators can check the environment of a running daemon with tr '\0' '\n' < /proc/PID/environ and audit the scripts for "." or empty elements in LD_LIBRARY_PATH.
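The following POSIX sh functions are an added example, not code from SLURM or from VulDB. They audit an LD_LIBRARY_PATH value for the three element kinds discussed above ("." , empty elements, and relative paths), additionally flag absolute directories that are world-writable, and produce a sanitized value that an init script could safely export. The init-script idioms in the comments are illustrative, not the verbatim SLURM lines, and /opt/slurm/lib is an assumed installation path.

```shell
#!/bin/sh
# Added example (not SLURM's or VulDB's code): audit and sanitize an
# LD_LIBRARY_PATH value the way a reviewer of an init script would.
#
# Every element of LD_LIBRARY_PATH is searched before the system directories,
# so any element an unprivileged user can populate hands that user a library
# load inside the daemon. Unsafe elements:
#   "."             the current directory (the CVE-2010-3380 case)
#   ""              an empty element (leading/trailing colon, "::"), which
#                   ld.so treats as the current directory, as PATH does
#   relative paths  resolved against the cwd at load time
#   absolute paths  that are world-writable (anyone can drop a .so there)

# Print one line per unsafe element as "<element><TAB><reason>".
# Empty elements are rendered as "(empty)" so they are visible.
ldpath_unsafe_entries() {
    [ -n "$1" ] || return 0          # unset/empty LD_LIBRARY_PATH is harmless
    rest="$1:"                       # trailing ':' lets the loop consume the last element
    while [ -n "$rest" ]; do
        elem=${rest%%:*}             # text before the first ':'
        rest=${rest#*:}              # everything after it
        case $elem in
            '')    printf '%s\t%s\n' '(empty)' 'empty element = current directory' ;;
            .|./*) printf '%s\t%s\n' "$elem" 'current directory' ;;
            /*)
                # Absolute: still unsafe if the directory is world-writable.
                # -prune stops find descending; -perm -002 matches o+w.
                if [ -d "$elem" ] && [ -n "$(find "$elem" -prune -perm -002 -print 2>/dev/null)" ]; then
                    printf '%s\t%s\n' "$elem" 'world-writable directory'
                fi ;;
            *)     printf '%s\t%s\n' "$elem" 'relative path' ;;
        esac
    done
}

# Exit 0 when the value contains no unsafe element, 1 otherwise.
ldpath_is_safe() {
    [ -z "$(ldpath_unsafe_entries "$1")" ]
}

# Hardened value: keep only absolute, non-world-writable directories.
# Separate variable names: POSIX sh has no 'local', and ldpath_is_safe
# reuses the globals of ldpath_unsafe_entries.
ldpath_sanitize() {
    s_rest="$1:"
    s_out=''
    while [ -n "$s_rest" ]; do
        s_elem=${s_rest%%:*}
        s_rest=${s_rest#*:}
        case $s_elem in
            /*) if ldpath_is_safe "$s_elem"; then s_out="${s_out:+$s_out:}$s_elem"; fi ;;
            *)  ;;                   # drop "", ".", and relative paths
        esac
    done
    printf '%s\n' "$s_out"
}

# Illustrative init-script idiom and its hardened form (not the verbatim
# SLURM lines; /opt/slurm/lib is an assumed path):
#   LD_LIBRARY_PATH=$LD_LIBRARY_PATH:.     # vulnerable: "." plus a leading empty element when unset
#   LD_LIBRARY_PATH=/opt/slurm/lib         # hardened: one absolute, root-owned directory
#   export LD_LIBRARY_PATH
ldpath_unsafe_entries ':/usr/lib:.'             # flags (empty) and .
ldpath_sanitize ':/usr/lib:.:/opt/slurm/lib'    # keeps /usr/lib:/opt/slurm/lib
```

To audit a live daemon rather than a script, feed it the value from the process environment, for example ldpath_is_safe "$(tr '\0' '\n' < /proc/PID/environ | sed -n 's/^LD_LIBRARY_PATH=//p')".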
Additional mitigations include keeping library directories root-owned and not world-writable, monitoring for unexpected library loads (LD_DEBUG=libs on a test start, or auditd rules on the daemon's executable and its dependency directories), and periodically reviewing service initialization scripts for how they construct PATH and LD_LIBRARY_PATH. Administrators should also run slurmctld and slurmdbd under a dedicated SlurmUser rather than root so that a hijacked daemon yields the least possible privilege. The vulnerability shows that environment variables set by startup scripts are part of a service's attack surface: a single "." or an appended-to-unset variable in LD_LIBRARY_PATH is enough to turn an ordinary restart into a privilege escalation, and the same pattern should be looked for in any other service wrapper on the system.