Description
Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Tomasz Grabowski · textlocallinux
https://www.exploit-db.com/exploits/23743
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107756600403557&w=2
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9724
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15278
Scores
EPSS
0.0699
EPSS Percentile
91.5%
Details
Status
published
Products (5)
platform/lsf
4.0
platform/lsf
4.2
platform/lsf
5.0
platform/lsf
5.1
platform/lsf
6.0
Published
Nov 23, 2004
Tracked Since
Feb 18, 2026