漏洞信息详情

SchedMD Slurm SQL注入漏洞

漏洞简介

SchedMD Slurm是美国SchedMD公司的一套用于大型和小型Linux群集中的开源的和高度可扩展的集群管理和作业调度系统。

SchedMD Slurm 17.11.x版本、18.08.0版本至18.08.7版本和19.05.0版本中存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://www.schedmd.com/news.php?id=218

参考网址

来源:CONFIRM

链接:https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html

来源:MISC

链接:https://www.schedmd.com/news.php

来源:CONFIRM

链接:https://www.schedmd.com/news.php?id=218

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2O47F72FWMYLEGF35QGNYY5VS33SUQS5/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQ6EV3OWKGMTBWCSXZGS4MYADUBLVXSQ/

来源:www.suse.com

链接:https://www.suse.com/support/update/announcement/2019/suse-su-20192989-1.html

来源:www.suse.com

链接:https://www.suse.com/support/update/announcement/2019/suse-su-20193080-1.html

来源:www.debian.org

链接:https://www.debian.org/security/2019/dsa-4572

来源:www.suse.com

链接:https://www.suse.com/support/update/announcement/2019/suse-su-20192229-1.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.4363/

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Slurm-SQL-injection-29863

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-12838

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.4356/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.4476/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.3265/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/155398/Debian-Security-Advisory-4572-1.html

受影响实体

    暂无


漏洞信息快速查询

相关漏洞

更多