The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2886 advisory.

    Multiple security issues were discovered in the Simple Linux Utility for Resource Management (SLURM), a     cluster resource management and job scheduling system, which could result in denial of service,     information disclosure or privilege escalation. CVE-2019-12838 SchedMD Slurm allows SQL Injection.
    CVE-2020-12693 In the rare case where Message Aggregation is enabled, Slurm allows Authentication Bypass     via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
    CVE-2020-27745 RPC Buffer Overflow in the PMIx MPI plugin. CVE-2021-31215 SchedMD Slurm allows remote code     execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment     mishandling. For Debian 9 stretch, these problems have been fixed in version 16.05.9-1+deb9u5. We     recommend that you upgrade your slurm-llnl packages. For the detailed security status of slurm-llnl please     refer to its security tracker page at: https://security-tracker.debian.org/tracker/slurm-llnl Further     information about Debian LTS security advisories, how to apply these updates to your system and frequently     asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DLA-2886-1 : slurm-llnl - LTS security update

critical Nessus Plugin ID 156773

Version 1.4

Version 1.3

Version 1.4 Jan 24, 2025, 9:25 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202501242125
Version 1.3 Nov 21, 2023, 1:14 AM CVSSv3 score source (set to "CVE-2020-27745") Plugin Feed: 202311210114