PT-2016-7189 · Clusterlabs+5 · Pacemaker+5

Alain Moulle

Published

2016-11-03

Updated

2019-10-09

CVE-2016-7035

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pacemaker versions prior to 1.1.16

Description An authorization flaw was found where Pacemaker did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to gain root access on the machine, for example, by forcing the Local Resource Manager daemon to execute a script as root.

Recommendations For versions prior to 1.1.16, update to version 1.1.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPC interface to minimize the risk of exploitation.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

ALT-PU-2017-1864

CESA-2016_2614

CESA-2016_2675

CVE-2016-7035

OPENSUSE-SU-2016_2965-1

OPENSUSE-SU-2024:10507-1

RHSA-2016:2614

RHSA-2016:2675

RHSA-2016_2614

RHSA-2016_2675

SUSE-SU-2016:2869-1

SUSE-SU-2016:2974-1

SUSE-SU-2016:3162-1

SUSE-SU-2016_2869-1

SUSE-SU-2016_2974-1

SUSE-SU-2016_3162-1

USN-3462-1

Affected Products

Alt Linux

Centos

Pacemaker

Red Hat

Suse

Ubuntu

PT-2016-7189 · Clusterlabs+5 · Pacemaker+5

CVE-2016-7035

Weakness Enumeration

Related Identifiers

Affected Products

References · 54