CVE-2014-0748

Published: Dec 27, 2014Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.

Affected (2)

Products: Cray: Cray Linux Environment

Cray

1 product

Cray Linux Environment

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cray Cray Linux Environment	Up to 4.2
Cray Cray Linux Environment	Version 5.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://labs.mwrinfosecurity.com/advisories/2014/01/31/cray-aprunapinit-privilege-escalation/

Source: cve@mitre.org

https://labs.mwrinfosecurity.com/advisories/2014/01/31/cray-aprunapinit-privilege-escalation/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.