CVE-2018-1079
published 2018-04-12CVE-2018-1079: pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did…
PriorityP337medium6.5CVSS 3.0
AVNACLPRLUINSUCNIHAN
EPSS
1.10%
61.5th percentile
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clusterlabs | pacemaker_command_line_interface | <= 0.9.164 | — |
| clusterlabs | pacemaker_command_line_interface | — | — |
| clusterlabs | pcs | >= 0 < 0.9.164-1 | 0.9.164-1 |
| clusterlabs | pcs | >= 0 < 0.9.164-1 | 0.9.164-1 |
| clusterlabs | pcs | >= 0 < 0.9.164-1 | 0.9.164-1 |
| clusterlabs | pcs | >= 0 < 0.9.164-1 | 0.9.164-1 |
| debian | pcs | < pcs 0.9.164-1 (bookworm) | pcs 0.9.164-1 (bookworm) |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
osv6.5MEDIUM
vendor_debian8.7HIGH
vendor_redhat8.7HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
pcs: Privilege escalation via authorized user malicious REST call
vendor_redhat·2018-04-09·CVSS 8.7
CVE-2018-1079 [HIGH] CWE-552 pcs: Privilege escalation via authorized user malicious REST call
pcs: Privilege escalation via authorized user malicious REST call
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
It was found that the REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outsid
Debian
CVE-2018-1079: pcs - pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via ...
vendor_debian·2018·CVSS 8.7
CVE-2018-1079 [HIGH] CVE-2018-1079: pcs - pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via ...
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
Scope: local
bookworm: resolved (fixed in 0.9.164-1)
bullseye: resolved (fixed in 0.9.164-1)
forky: resolved (fixed in 0.9.164-1)
sid: resolved (fixed in 0.9.164-1)
trixie: resolved (fixed in 0.9.164-1)
GHSA
GHSA-wxjj-jh24-cx5f: pcs before version 0
ghsa_unreviewed·2022-05-13
CVE-2018-1079 [MEDIUM] CWE-22 GHSA-wxjj-jh24-cx5f: pcs before version 0
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
OSV
CVE-2018-1079: pcs before version 0
osv·2018-04-12·CVSS 6.5
CVE-2018-1079 [MEDIUM] CVE-2018-1079: pcs before version 0
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call [fedora-all]
bugzilla·2018-04-09·CVSS 8.7
CVE-2018-1079 [HIGH] CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call [fedora-all]
CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call [fedora-all]
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all associated bugs get updated
when new packages are pushed to stable.
# bugfix, security, enhancement, newpackage (required)
type=security
# testing, stable
request=testing
# Bug numbers: 1234,9876
bugs=1550243,1565088
# Description of your update
notes=Security fix for [PUT CVEs HERE]
# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3
# Automatically close bugs when this marked as stable
close_bugs=True
# Suggest that users rest
Bugzilla
CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call
bugzilla·2018-02-28·CVSS 8.7
CVE-2018-1079 [HIGH] CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call
CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call
A security issue was found in pcs deamon that permits an authorized user (with write permission in pcsd) to escalate privileges and write to any file in the system using a malicious REST call.
Discussion:
Acknowledgments:
Name: Ondrej Mular (Red Hat)
---
Created pcs tracking bugs for this issue:
Affects: fedora-all [bug 1565088]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:1060 https://access.redhat.com/errata/RHSA-2018:1060
2018-04-12
Published