The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Pacemaker

computer vulnerability note CVE-2018-16877 CVE-2018-16878 CVE-2019-3885

Pacemaker: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Pacemaker.
Impacted products: Fedora, openSUSE Leap, Pacemaker, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/04/2019.
Identifiers: CVE-2018-16877, CVE-2018-16878, CVE-2019-3885, FEDORA-2019-e71f6f36ac, openSUSE-SU-2019:1342-1, openSUSE-SU-2019:1400-1, RHSA-2019:1278-01, RHSA-2019:1279-01, SUSE-SU-2019:1047-1, SUSE-SU-2019:1108-1, SUSE-SU-2019:2268-1, USN-3952-1, VIGILANCE-VUL-29059.

Description of the vulnerability

An attacker can use several vulnerabilities of Pacemaker.

vulnerability alert CVE-2016-7035

Pacemaker: privilege escalation via libqb-facilitated IPC

Synthesis of the vulnerability

An attacker can bypass restrictions via libqb-facilitated IPC of Pacemaker, in order to escalate his privileges.
Impacted products: Fedora, openSUSE Leap, Pacemaker, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 03/11/2016.
Identifiers: CVE-2016-7035, FEDORA-2016-242ff9a2fa, FEDORA-2016-2a159ef513, openSUSE-SU-2016:2965-1, openSUSE-SU-2016:3101-1, RHSA-2016:2614-01, RHSA-2016:2675-01, SUSE-SU-2016:2869-1, USN-3462-1, VIGILANCE-VUL-21041.

Description of the vulnerability

An attacker can bypass restrictions via libqb-facilitated IPC of Pacemaker, in order to escalate his privileges.

computer vulnerability announce CVE-2016-7797

Pacemaker: denial of service via pacemaker_remote

Synthesis of the vulnerability

An attacker can connect to the pacemaker_remote port of Pacemaker, in order to trigger a denial of service.
Impacted products: openSUSE Leap, Pacemaker, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 03/10/2016.
Identifiers: 5269, CVE-2016-7797, openSUSE-SU-2016:2965-1, openSUSE-SU-2016:3101-1, RHSA-2016:2578-02, SUSE-SU-2016:2869-1, USN-3462-1, VIGILANCE-VUL-20747.

Description of the vulnerability

The Pacemaker product offers a pacemaker_remote service (3121/tcp).

However, a connection on this port stops the active corosync session.

An attacker can therefore connect to the pacemaker_remote port of Pacemaker, in order to trigger a denial of service.

computer vulnerability CVE-2015-1867

Pacemaker: privilege escalation via role assignment

Synthesis of the vulnerability

An attacker can use read access to the Pacemaker configuration, in order to escalate his privileges.
Impacted products: Fedora, Pacemaker, RHEL.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 14/04/2015.
Identifiers: 1211370, CVE-2015-1867, FEDORA-2015-e5e36bbb87, FEDORA-2015-f6860d8f9d, RHSA-2015:1424-01, RHSA-2015:2383-01, VIGILANCE-VUL-16585.

Description of the vulnerability

The pacemaker product manages load balancing.

It allows access rights to the configuration to be defined, distinguishing between read and write access. However, a read right can be used to assign a role with write access.

An attacker can therefore use read access to the Pacemaker configuration, in order to escalate his privileges.

vulnerability alert CVE-2011-5271

Pacemaker: file corruption via /tmp/extract_define

Synthesis of the vulnerability

A local attacker can create a symbolic link named /tmp/extract_define, in order to alter the pointed file, with privileges of Pacemaker.
Impacted products: Pacemaker.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 11/02/2014.
Identifiers: 633964, BID-65472, CVE-2011-5271, VIGILANCE-VUL-14201.

Description of the vulnerability

The configure script of the Pacemaker product uses a temporary file named /tmp/extract_define.pid.

However, when the file is opened, the program does not check whether it is an existing symbolic link. The file pointed to by the link is thus opened with the privileges of the program.

Moreover, the file name is predictable and is located in a publicly writable directory, so the attacker can create the symbolic link before the file is used.

A local attacker can therefore create a symbolic link named /tmp/extract_define, in order to alter the pointed file, with privileges of Pacemaker.

computer vulnerability CVE-2013-0281

Pacemaker: denial of service via socket

Synthesis of the vulnerability

An attacker can connect to the Pacemaker socket, in order to block it.
Impacted products: Pacemaker, RHEL.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 14/02/2013.
Identifiers: BID-57965, CVE-2013-0281, RHSA-2013:1635-02, VIGILANCE-VUL-12425.

Description of the vulnerability

The Pacemaker service uses a network socket to communicate. Access to this socket requires authentication.

However, this socket is blocking (no inactivity timeout). An attacker can thus connect, without authenticating, in order to block the application.

An attacker can therefore connect to the Pacemaker socket, in order to block it.

vulnerability bulletin 9143

Pacemaker: multiple vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Pacemaker can be used by an attacker to create a denial of service or possibly to execute code.
Impacted products: Pacemaker.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 02/11/2009.
Identifiers: VIGILANCE-VUL-9143.

Description of the vulnerability

Several vulnerabilities were announced in Pacemaker.

A remote attacker can cause the use of already freed memory, resulting in corrupted memory. [severity:2/4]

A remote attacker can connect to the cluster from a non-cluster machine. [severity:2/4]

When LOG_DEBUG_3 is enabled, already freed memory is used, leading to corrupted memory. [severity:1/4]