Title: Platform Load Sharing Facility EAuth Component Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
Load Sharing Facility is a high availability and load balancing software package distributed and maintained by Platform. It is available for Unix, Linux, and Microsoft Windows.
The Load Sharing Facility eauth component has been reported to be prone to a buffer overflow vulnerability. The issue presents itself due to a lack of bounds checks performed on data that is supplied as a value for the '-s' option passed to eauth. By supplying excessive data, an attacker may corrupt data adjacent to the affected buffer and thereby overwrite a saved instruction pointer. An attacker may leverage this issue to influence program execution flow into attacker-supplied instructions. Because the eauth utility is installed setuid root in a default installation, this vulnerability may be exploited to gain root privileges.
Additionally, it has been reported that because eauth is called by daemons (i.e. mbatchd) with the '-s' option on attacker-supplied data, a remote attacker may exploit this vulnerability from a system that is part of the affected cluster.
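The bounds check whose absence is described above, as an added C example (not Platform's eauth source, which this page does not include): a hypothetical helper, copy_s_option, measures the '-s' value before copying it into a fixed-size buffer and rejects anything that does not fit. The function name, the 64-byte OPT_MAX capacity and the return codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OPT_MAX 64 /* assumed capacity of the destination buffer (hypothetical) */

/*
 * Unsafe pattern the advisory describes: the '-s' value is copied into a
 * fixed-size stack buffer with no length check, e.g. strcpy(dst, argv[i + 1]).
 *
 * Hardened form: locate "-s", measure its value, and copy only if the value
 * plus its terminating NUL fits in dst.
 * Returns 0 on success, -1 if "-s" or its value is missing, -2 if too long.
 */
int copy_s_option(int argc, char *const argv[], char *dst, size_t dstsz)
{
    if (dst == NULL || argv == NULL)
        return -1;
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-s") != 0)
            continue;
        if (i + 1 >= argc)
            return -1;               /* option given without a value */
        size_t n = strlen(argv[i + 1]);
        if (n >= dstsz)
            return -2;               /* would overflow: reject, never truncate */
        memcpy(dst, argv[i + 1], n + 1); /* n + 1 copies the NUL as well */
        return 0;
    }
    return -1;                       /* "-s" not present */
}

int main(int argc, char *argv[])
{
    char value[OPT_MAX];
    int rc = copy_s_option(argc, argv, value, sizeof value);

    if (rc == -2) {
        /* A setuid helper should fail closed on oversized input. */
        fprintf(stderr, "-s value exceeds %d bytes, refusing\n", OPT_MAX - 1);
        return 2;
    }
    if (rc != 0) {
        fprintf(stderr, "usage: %s -s <value>\n", argc > 0 ? argv[0] : "prog");
        return 1;
    }
    printf("accepted -s value of length %zu\n", strlen(value));
    return 0;
}
```

Because the description notes that daemons pass attacker-supplied data to eauth through '-s', the same length limit belongs in the calling daemon as well as in the helper.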
Affected Products:
- Platform LSF 4.0.0
- Platform LSF 4.2.0
- Platform LSF 5.0.0
- Platform LSF 5.1.0
- Platform LSF 6.0.0