Unrated severityNVD Advisory· Published Sep 10, 2018· Updated Aug 6, 2024

CVE-2016-7035

Description

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

Affected products

Clusterlabs/Pacemakerv5
Range: 1.1.16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2016-2614.htmlmitrevendor-advisoryx_refsource_REDHAT
rhn.redhat.com/errata/RHSA-2016-2675.htmlmitrevendor-advisoryx_refsource_REDHAT
security.gentoo.org/glsa/201710-08mitrevendor-advisoryx_refsource_GENTOO
www.openwall.com/lists/oss-security/2016/11/03/5mitremailing-listx_refsource_MLIST
www.securityfocus.com/bid/94214mitrevdb-entryx_refsource_BID
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
github.com/ClusterLabs/pacemaker/commit/5d71e65049mitrex_refsource_CONFIRM
lists.clusterlabs.org/pipermail/users/2016-November/004432.htmlmitremailing-listx_refsource_MLIST

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000