2019-06-19
ALT-BU-2019-3741-1
Branch c8 update bulletin.
Closed vulnerabilities
Published: 2018-09-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-7035
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- RHSA-2016:2614
- RHSA-2016:2614
- RHSA-2016:2675
- RHSA-2016:2675
- [oss-security] 20161103 CVE-2016-7035 - pacemaker - improper IPC guarding
- [oss-security] 20161103 CVE-2016-7035 - pacemaker - improper IPC guarding
- 94214
- 94214
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7035
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7035
- https://github.com/ClusterLabs/pacemaker/commit/5d71e65049
- https://github.com/ClusterLabs/pacemaker/commit/5d71e65049
- [users] 20161103 [SECURITY] CVE-2016-7035 - pacemaker - improper IPC guarding
- [users] 20161103 [SECURITY] CVE-2016-7035 - pacemaker - improper IPC guarding
- GLSA-201710-08
- GLSA-201710-08
Closed bugs
не останавливается через systemd