LSF (Load Sharing Facility) is a series of tools for scheduling, monitoring and analyzing the workload of a network. It supports a number of Unix platforms and can also be used to manage workstations running the Microsoft Windows NT/2000 platforms. Using Privileged Ports Authentication (setuid) instead of EAuth (External Authentication) introduces a security vulnerability to hosts running LSF, because Privileged Ports Authentication causes all LSF executables to be installed setuid root. A number of LSF executables are prone to exploitable buffer overflows, allowing arbitrary code execution and escalation of privileges. Most of these executables are exploitable locally, though it is possible that an attacker could find a way to exploit some of these issues remotely.
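To see how many executables on a host are exposed by the setuid-root installation described above, an administrator can list the setuid files owned by root under the LSF installation tree. The script below is an added example, not part of the original advisory or of LSF; the function names `audit_setuid` and `count_setuid` are hypothetical, and the directory to scan is supplied by the caller because the page does not name an install path.

```shell
#!/bin/sh
# Added example: enumerate setuid files owned by a given user under a tree.
# Usage: audit_setuid DIR [OWNER]
#   DIR   - directory to scan (your LSF installation path; not given on the page)
#   OWNER - user name or numeric uid, defaults to root

audit_setuid() {
    dir=$1
    owner=${2:-root}
    # Refuse anything that is not a directory so a typo is not read as "clean".
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -type f      regular files only (skip directories and symlinks)
    # -perm -4000  setuid bit is set, whatever the other mode bits are
    # -user        file owner; with the default this means setuid root
    # Errors from unreadable subdirectories are suppressed; run as a user
    # that can read the whole tree for a complete listing.
    find "$dir" -type f -perm -4000 -user "$owner" -print 2>/dev/null | sort
}

# Number of matching files, for a quick before/after comparison once the
# authentication method has been changed and the binaries reinstalled.
count_setuid() {
    audit_setuid "$@" | wc -l | tr -d ' '
}

# When run as a script with arguments, print the listing and the total.
if [ "$#" -gt 0 ]; then
    audit_setuid "$@"
    echo "setuid files owned by ${2:-root}: $(count_setuid "$@")"
fi
```

Every path printed is a binary that runs with root privileges for any local user who can execute it, so the list is the set of files to review or to reinstall without the setuid bit.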