CVE-2020-27745

9.8 CRITICAL

📋 TL;DR

CVE-2020-27745 is a critical buffer overflow vulnerability in Slurm's PMIx MPI plugin that allows remote code execution. Attackers can exploit this by sending specially crafted RPC messages to vulnerable Slurm installations. This affects organizations using Slurm for high-performance computing cluster management.

💻 Affected Systems

Products:
  • Slurm Workload Manager
Versions: All versions before 19.05.8 and 20.x before 20.02.6
Operating Systems: Linux distributions running Slurm
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with PMIx MPI plugin enabled (default in many configurations). The vulnerability is in the RPC message handling component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise leading to attacker gaining root privileges on Slurm controller nodes, potentially enabling lateral movement across the entire HPC cluster.

🟠 Likely Case

Remote code execution with the privileges of the Slurm daemon (typically root), allowing complete control of affected nodes and potential data exfiltration.

🟢 If Mitigated

Limited impact if network segmentation isolates Slurm management interfaces and proper access controls are implemented.

🌐 Internet-Facing: HIGH - If Slurm services are exposed to the internet, attackers can remotely exploit without authentication.
🏢 Internal Only: HIGH - Even internally, any compromised user or system could exploit this vulnerability to gain elevated privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed RPC messages to the vulnerable service. The high CVSS score and buffer overflow nature make weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 19.05.8 or 20.02.6 and later

Vendor Advisory: https://www.schedmd.com/news.php

Restart Required: Yes

Instructions:

1. Back up configuration files.
2. Stop all Slurm services.
3. Upgrade to the patched version using the package manager or source compilation.
4. Restart Slurm services.
5. Verify functionality.

🔧 Temporary Workarounds

Disable PMIx MPI plugin

Temporarily disable the vulnerable PMIx MPI plugin if immediate patching isn't possible

Edit slurm.conf and set 'MpiDefault=pmi2' or remove PMIx references
Restart slurmctld and slurmd services

Network isolation

Restrict network access to Slurm services using firewall rules

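# Replace trusted_network with the address or CIDR range of your management network.
# The ACCEPT rule must come before the DROP rule, since rules are matched in order.
iptables -A INPUT -p tcp --dport 6817 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 6817 -j DROP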

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Slurm management interfaces from untrusted networks
  • Monitor for unusual process creation or network connections from Slurm daemons

🔍 How to Verify

Check if Vulnerable:

Check Slurm version with 'slurmd -V' or 'scontrol -V' and compare against affected versions

Check Version:

slurmd -V 2>&1 | head -1

Verify Fix Applied:

Verify version is 19.05.8+ or 20.02.6+ and test MPI job submission functionality
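
The version comparison described above, as an added shell example that is not part of the original advisory or SchedMD's tooling. The function names are hypothetical, the sample lines are constructed, and it assumes `slurmd -V` prints a line of the form "slurm X.Y.Z".

```shell
#!/bin/sh
# Added example, not SchedMD code. Assumes `slurmd -V` prints "slurm X.Y.Z".

# ver_key VERSION: print a sortable integer for MAJOR.MINOR.PATCH.
# Returns 2 when VERSION is not three dot-separated numbers.
ver_key() {
    v=${1%%-*}                          # drop a packaging suffix such as "-1"
    case $v in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    [ $# -eq 3 ] || return 2
    key=0
    for part in "$@"; do
        [ -n "$part" ] || return 2
        part=${part#"${part%%[!0]*}"}   # strip leading zeros ("08" is invalid octal)
        key=$(( key * 1000 + ${part:-0} ))
    done
    echo "$key"
}

# slurm_is_vulnerable VERSION: 0 = affected, 1 = fixed release, 2 = unparseable.
slurm_is_vulnerable() {
    k=$(ver_key "$1") || return 2
    if [ "$k" -lt "$(ver_key 19.05.8)" ]; then return 0; fi      # before 19.05.8
    if [ "$k" -ge "$(ver_key 20.0.0)" ] && [ "$k" -lt "$(ver_key 20.02.6)" ]; then
        return 0                                                  # 20.x before 20.02.6
    fi
    return 1
}

# classify_line LINE: print a verdict for one line of `slurmd -V` output.
classify_line() {
    ver=${1##* }                        # last space-separated token
    slurm_is_vulnerable "$ver" && rc=0 || rc=$?
    case $rc in
        0) echo "$ver VULNERABLE" ;;
        1) echo "$ver patched" ;;
        *) echo "$ver unrecognized" ;;
    esac
}

# Constructed sample lines; on a node use: classify_line "$(slurmd -V 2>&1 | head -1)"
for line in "slurm 18.08.9" "slurm 19.05.7" "slurm 19.05.8" \
            "slurm 20.02.5" "slurm 20.02.6" "slurm 20.11.0"; do
    classify_line "$line"
done
```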

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from slurmctld or slurmd
  • Segmentation faults in Slurm daemon logs
  • Failed MPI job submissions with malformed parameters

Network Indicators:

  • Unusual RPC traffic patterns to Slurm ports (6817-6819)
  • Connection attempts from unexpected sources to Slurm services

SIEM Query:

source="slurm.log" AND ("segmentation fault" OR "buffer overflow" OR "invalid RPC")
