CVE-2016-7035

CWE-28510 documents8 sources

Severity

7.8HIGH

EPSS

0.1%

top 71.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clusterlabs Pacemaker Redhat Enterprise Linux Server Redhat Enterprise Linux Server EUS

Timeline

PublishedSep 10

Latest updateMay 13

Description

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages5 packages

▶Debianpacemaker< 1.1.15-3+3

▶Ubuntupacemaker< 1.1.10+git20130802-1ubuntu2.4+1

▶NVDclusterlabs/pacemaker1.1.16

▶CVEListV5clusterlabs/pacemaker1.1.16

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

Also affects: Enterprise Linux 7.3, 7.4, 7.5, 7.6

🔴Vulnerability Details

GHSA

GHSA-5wmv-gcg2-v47h: An authorization flaw was found in Pacemaker before 1↗2022-05-13

▶

OSV

CVE-2016-7035: An authorization flaw was found in Pacemaker before 1↗2018-09-10

▶

CVEList

CVE-2016-7035: An authorization flaw was found in Pacemaker before 1↗2018-09-10

▶

OSV

pacemaker vulnerabilities↗2017-10-24

▶

📋Vendor Advisories

Ubuntu

Pacemaker vulnerabilities↗2017-10-24

▶

Red Hat

pacemaker: Privilege escalation due to improper guarding of IPC communication↗2016-11-03

▶

Debian

CVE-2016-7035: pacemaker - An authorization flaw was found in Pacemaker before 1.1.16, where it did not pro...↗2016

▶

💬Community

Bugzilla

CVE-2016-7035 pacemaker: Privilege escalation due to improper guarding of IPC communication [fedora-all]↗2016-11-03

▶

Bugzilla

CVE-2016-7035 pacemaker: Privilege escalation due to improper guarding of IPC communication↗2016-08-24

▶