Security vulnerability in Sun N1 Grid Engine daemons

Sun has published a security advisory confirming the existence of a denial of service vulnerability in Sun N1 Grid Engine.

The problem lies in the fact that Sun N1 Grid Engine daemons can allow local unprivileged users to kill any of the qmaster or execd processes and close the grid service, leading to denial of services. In certain cases there are buffer overflows that can be exploited by unprivileged local users to escalate privileges.

Sun has published updates to resolve this problem in all affected versions (Sun Grid Engine 5.3 and N1 Grid Engine 6.0) and platforms (SPARC, x86, Linux, Windows, HP-UX, AIX, IRIX and MAC OS). Due to the number of vulnerable platforms and versions and the large amount of updates, it is advisable to refer to the Sun advisory.

Source: Oxygen3.




Share this