CVE-2019-19727

NameCVE-2019-19727
DescriptionSchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
slurm-llnl (PTS)stretch16.05.9-1+deb9u4vulnerable
stretch (security)16.05.9-1+deb9u2vulnerable
buster, buster (security)18.08.5.2-1+deb10u1vulnerable
bullseye, sid19.05.5-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
slurm-llnlsource(unstable)19.05.5-1unimportant

Notes

https://bugzilla.suse.com/show_bug.cgi?id=1155784
Fixed upstream in 18.08.9, 19.05.5
The example file is installed as well in Debian as 0644 and slurmdbd.conf
not directly installed by the slurmdbd binary package.

Search for package or bug name: Reporting problems