Date published: 2014-12-26T21:59:00.053-05:00
Date last modified: 2014-12-30T06:22:17.847-05:00
CVSS Score: 7.2
Principal attack vector: LOCAL
Reference URL: https://labs.mwrinfosecurity.com/advisories/2014/01/31/cray-aprunapinit-privilege-escalation/
Summary: apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.