Full Report
Altair Grid Engine contains multiple vulnerabilities that could allow an attacker to escalate privileges and execute arbitrary code with superuser permissions. Siemens has released a new version of Altair Grid Engine and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Multiple Privilege Escalation Flaws in Altair Grid Engine
## CVE Details
- **CVE ID:** CVE-2025-40760
- **CVSS Score:** 5.5 (Medium) / CVSS v4.0: 6.8
- **CWE:** CWE-209 (Generation of Error Message Containing Sensitive Information)
- **CVE ID:** CVE-2025-40763
- **CVSS Score:** 7.8 (High) / CVSS v4.0: 8.5
- **CWE:** CWE-427 (Uncontrolled Search Path Element)
## Affected Systems
- **Products:** Altair Grid Engine
- **Versions:** All versions prior to V2025.1.0
- **Configurations:** Systems utilizing default authentication mechanisms and binaries with the setuid-root bit enabled.
## Vulnerability Description
Altair Grid Engine is susceptible to two distinct security flaws:
1. **Information Disclosure (CVE-2025-40760):** The software fails to properly sanitize error messages during user authentication requests. This allows a local attacker to trigger error conditions that leak sensitive password hashes of privileged accounts, facilitating offline brute-force attacks.
2. **Privilege Escalation (CVE-2025-40763):** The software does not properly validate environment variables when loading shared libraries. By manipulating specific environment variables and placing a malicious library in a controlled path (Path Hijacking), a local attacker can achieve arbitrary code execution with superuser (root) permissions.
## Exploitation
- **Status:** Vulnerabilities reported by researcher (Daniele Montanaro); no public PoC currently cited in advisory.
- **Complexity:** Low
- **Attack Vector:** Local (Requires authenticated access to the system).
## Impact
- **Confidentiality:** High (Leakage of password hashes and full system access).
- **Integrity:** High (Ability to execute arbitrary code as superuser).
- **Availability:** High (Superuser access allows for full system disruption).
## Remediation
### Patches
- Siemens recommends updating Altair Grid Engine to **V2025.1.0** or later.
### Workarounds
If patching is not immediately possible, the following mitigations are recommended:
- **For CVE-2025-40760:** Disable the execution bit for the authentication user binary:
`chmod a-x $SGE_ROOT/bin/<architecture>/authuser`
- **For CVE-2025-40763 (Non-Windows clusters):** Remove the setuid-root bit from the "sgepasswd" binary:
`chmod u-s $SGE_ROOT/bin/<architecture>/sgepasswd`
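To confirm that both workarounds are in place on every architecture directory, and to re-check later for permission changes, the following script audits the mode bits of the two binaries. It is an added example, not part of the Siemens advisory; the function names and the status strings are assumptions, and the directory layout is taken from the commands above.

```shell
#!/bin/sh
# Added example: audit the two workarounds across every architecture directory.
# Assumes the layout $SGE_ROOT/bin/<architecture>/{authuser,sgepasswd} from the
# commands above. Prints one "STATUS check path" line per binary found.

# True if any execute bit (user, group or other) is set on the file.
has_exec_bit() {
    [ -n "$(find "$1" -prune \( -perm -100 -o -perm -010 -o -perm -001 \) -print)" ]
}

# True if the setuid bit is set on the file (owner is not checked).
has_setuid_bit() {
    [ -n "$(find "$1" -prune -perm -4000 -print)" ]
}

# Returns 0 when every binary found is mitigated, 1 otherwise.
audit_sge_workarounds() {
    root=$1
    rc=0
    for f in "$root"/bin/*/authuser; do
        [ -e "$f" ] || continue          # glob matched nothing
        if has_exec_bit "$f"; then
            echo "OPEN authuser-executable $f"; rc=1
        else
            echo "MITIGATED authuser-not-executable $f"
        fi
    done
    for f in "$root"/bin/*/sgepasswd; do
        [ -e "$f" ] || continue
        if has_setuid_bit "$f"; then
            echo "OPEN sgepasswd-setuid $f"; rc=1
        else
            echo "MITIGATED sgepasswd-no-setuid $f"
        fi
    done
    return $rc
}

# Run against the live cluster tree only when SGE_ROOT is set.
if [ -n "${SGE_ROOT:-}" ]; then
    audit_sge_workarounds "$SGE_ROOT"
fi
```

The non-zero exit status makes the script usable from a scheduled job or configuration-management check, so a reverted workaround is flagged rather than found by inspection.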
## Detection
- **Indicators of Compromise:** Monitor for unusual shared library loading activities or unexpected modification of environment variables associated with Grid Engine binaries.
- **Detection methods:** Audit logs for frequent authentication failures followed by successful privileged logins, and inspect setuid-root binaries for unauthorized permission changes.
## References
- **Vendor Advisory (Siemens):** hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-514895[.]pdf
- **Siemens ProductCERT:** hxxps://www[.]siemens[.]com/cert/advisories
- **Operational Guidelines:** hxxps://www[.]siemens[.]com/cert/operational-guidelines-industrial-security