PT-2016-7189 · Clusterlabs+5 · Pacemaker+5

Alain Moulle

Publicado

2016-11-03

Atualizado

2019-10-09

CVE-2016-7035

CVSS v3.1

8.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pacemaker versions prior to 1.1.16

Description An authorization flaw was found where Pacemaker did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to gain root access on the machine, for example, by forcing the Local Resource Manager daemon to execute a script as root.

Recommendations For versions prior to 1.1.16, update to version 1.1.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPC interface to minimize the risk of exploitation.

Correção

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285

Identificadores relacionados

ALT-PU-2017-1864

CESA-2016_2614

CESA-2016_2675

CVE-2016-7035

OPENSUSE-SU-2016_2965-1

OPENSUSE-SU-2024:10507-1

RHSA-2016:2614

RHSA-2016:2675

RHSA-2016_2614

RHSA-2016_2675

SUSE-SU-2016:2869-1

SUSE-SU-2016:2974-1

SUSE-SU-2016:3162-1

SUSE-SU-2016_2869-1

SUSE-SU-2016_2974-1

SUSE-SU-2016_3162-1

USN-3462-1

Produtos afetados

Alt Linux

Centos

Pacemaker

Red Hat

Suse

Ubuntu

PT-2016-7189 · Clusterlabs+5 · Pacemaker+5

CVE-2016-7035

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 54