CVE-2019-3885
Published 2019-04-18
Priority: P3 · 40 · high
CVSS 3.0: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 1.96% (77.8th percentile)
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| clusterlabs | pacemaker | <= 2.0.1 | — |
| clusterlabs | pacemaker | — | — |
| clusterlabs | pacemaker | >= 0 < 2.0.1-3 | 2.0.1-3 |
| clusterlabs | pacemaker | >= 0 < 2.0.1-3 | 2.0.1-3 |
| clusterlabs | pacemaker | >= 0 < 2.0.1-3 | 2.0.1-3 |
| clusterlabs | pacemaker | >= 0 < 2.0.1-3 | 2.0.1-3 |
| clusterlabs | pacemaker | >= 0 < 1.1.14-2ubuntu1.6 | 1.1.14-2ubuntu1.6 |
| clusterlabs | pacemaker | >= 0 < 1.1.18-0ubuntu1.1 | 1.1.18-0ubuntu1.1 |
| debian | pacemaker | < pacemaker 2.0.1-3 (bookworm) | pacemaker 2.0.1-3 (bookworm) |
| fedoraproject | fedora | — | — |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.13 | 1:6.6p1-2ubuntu2.13 |
| openbsd | openssh | >= 0 < 1:7.2p2-4ubuntu2.8 | 1:7.2p2-4ubuntu2.8 |
| openbsd | openssh | >= 0 < 1:7.6p1-4ubuntu0.3 | 1:7.6p1-4ubuntu0.3 |
CVSS provenance
nvd v3.0: 7.5 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
osv: 7.8 HIGH
vendor_ubuntu: 7.8 HIGH
vendor_debian: 3.3 LOW
vendor_redhat: 3.3 LOW
Ubuntu
Pacemaker vulnerabilities
vendor_ubuntu·2019-04-23·CVSS 7.8
CVE-2018-16877 [HIGH] Pacemaker vulnerabilities
Title: Pacemaker vulnerabilities
Summary: Several security issues were fixed in Pacemaker.
Jan Pokorný discovered that Pacemaker incorrectly handled client-server
authentication. A local attacker could possibly use this issue to escalate
privileges. (CVE-2018-16877)
Jan Pokorný discovered that Pacemaker incorrectly handled certain
verifications. A local attacker could possibly use this issue to cause a
denial of service. (CVE-2018-16878)
Jan Pokorný discovered that Pacemaker incorrectly handled certain memory
operations. A local attacker could possibly use this issue to obtain
sensitive information in log outputs. This issue only applied to Ubuntu
18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3885)
Instructions: In general, a standard system update will make all the necessary c
Red Hat
pacemaker: Information disclosure through use-after-free
vendor_redhat·2019-04-17·CVSS 3.3
CVE-2019-3885 [LOW] CWE-416 pacemaker: Information disclosure through use-after-free
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs.
Package: pacemaker (Red Hat Enterprise Linux 6) - Will not fix
Package: pacemaker (Red Hat Storage 3) - Will not fix
Debian
CVE-2019-3885: pacemaker - A use-after-free flaw was found in pacemaker up to and including version 2.0.1 w...
vendor_debian·2019·CVSS 3.3
CVE-2019-3885 [LOW] CVE-2019-3885: pacemaker - A use-after-free flaw was found in pacemaker up to and including version 2.0.1 w...
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
Scope: local
bookworm: resolved (fixed in 2.0.1-3)
bullseye: resolved (fixed in 2.0.1-3)
forky: resolved (fixed in 2.0.1-3)
sid: resolved (fixed in 2.0.1-3)
trixie: resolved (fixed in 2.0.1-3)
GHSA
GHSA-65pr-6j4p-wvp6: A use-after-free flaw was found in pacemaker up to and including version 2
ghsa_unreviewed·2022-05-24
CVE-2019-3885 [HIGH] CWE-416 GHSA-65pr-6j4p-wvp6: A use-after-free flaw was found in pacemaker up to and including version 2
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
OSV
pacemaker vulnerabilities
osv·2019-04-23·CVSS 7.8
CVE-2018-16877 [HIGH] pacemaker vulnerabilities
Jan Pokorný discovered that Pacemaker incorrectly handled client-server
authentication. A local attacker could possibly use this issue to escalate
privileges. (CVE-2018-16877)
Jan Pokorný discovered that Pacemaker incorrectly handled certain
verifications. A local attacker could possibly use this issue to cause a
denial of service. (CVE-2018-16878)
Jan Pokorný discovered that Pacemaker incorrectly handled certain memory
operations. A local attacker could possibly use this issue to obtain
sensitive information in log outputs. This issue only applied to Ubuntu
18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3885)
OSV
CVE-2019-3885: A use-after-free flaw was found in pacemaker up to and including version 2
osv·2019-04-18·CVSS 7.5
CVE-2019-3885 [HIGH] CVE-2019-3885: A use-after-free flaw was found in pacemaker up to and including version 2
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
OSV
openssh vulnerability
osv·2019-03-04·CVSS 5.9
CVE-2019-6111 openssh vulnerability
USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix
for CVE-2019-6111 turned out to be incomplete. This update fixes the
problem.
Original advisory details:
Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a
user or automated system were tricked into connecting to an untrusted
server, a remote attacker could possibly use these issues to write to
arbitrary files, change directory permissions, and spoof client output.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-3885 pacemaker: Information disclosure through use-after-free [openstack-rdo]
bugzilla·2019-05-04·CVSS 3.3
CVE-2019-3885 [LOW] CVE-2019-3885 pacemaker: Information disclosure through use-after-free [openstack-rdo]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of openstack-rdo.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
RDO Uses pacemaker from Cen
Bugzilla
CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 pacemaker: various flaws [fedora-all]
bugzilla·2019-04-17·CVSS 7.8
CVE-2018-16877 [HIGH] CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 pacemaker: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported vers
Bugzilla
CVE-2019-3885 pacemaker: Information disclosure through use-after-free
bugzilla·2019-04-01·CVSS 7.8
CVE-2019-3885 [HIGH] CVE-2019-3885 pacemaker: Information disclosure through use-after-free
A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs.
Discussion:
Acknowledgments:
Name: Jan Pokorný (Red Hat)
---
Created attachment 1555736
Cumulative patches to address CVE-2018-16877, CVE-2018-16878 and CVE-2019-3885
---
Public via:
https://www.openwall.com/lists/oss-security/2019/04/17/1
---
Created pacemaker tracking bugs for this issue:
Affects: fedora-all [bug 1700737]
---
Upstream patch: https://github.com/ClusterLabs/pacemaker/pull/1749/commits/970736b1c7ad5c78cc5295a4231e546104d55893
---
Created pacemaker tracking bugs for this issue:
Affects: openstack-rdo [bug 1706307]
---
This issue has been addressed in the fo
Bugzilla
CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS
bugzilla·2018-12-10·CVSS 7.8
CVE-2018-16878 [HIGH] CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS
A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1649942
Discussion:
Acknowledgments:
Name: Jan Pokorný (Red Hat)
---
Created attachment 1555735
Cumulative patches to address CVE-2018-16877, CVE-2018-16878 and CVE-2019-3885
---
Public via:
https://www.openwall.com/lists/oss-security/2019/04/17/1
---
Created pacemaker tracking bugs for this issue:
Affects: fedora-all [bug 1700737]
---
Upstream patch: https://github.com/ClusterLabs/pacemaker/pull/1749/commits/970736b1c7ad5c78cc5295a4231e546104d55893
---
Created pacemaker tracking bugs
Bugzilla
CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc
bugzilla·2018-11-22·CVSS 7.8
CVE-2018-16877 [HIGH] CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc
A flaw was found in pacemaker. Insufficient verification of client-side authentication combined with other IPC weaknesses leads to local privilege escalation.
Discussion:
Acknowledgments:
Name: Jan Pokorný (Red Hat)
---
Detailed description of the issue:
A pair of design-level security vulnerabilities were discovered, verging on mere weaknesses in isolation, but when opportunistically combined, making for a local privilege escalation (which is easily extended to taking control over the whole cluster, which is a natural consequence of obtaining local root privileges solely by the means of what pacemaker unexpectedly allows one to breach on its own -- note that
References
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html
http://www.securityfocus.com/bid/108036
https://access.redhat.com/errata/RHSA-2019:1278
https://access.redhat.com/errata/RHSA-2019:1279
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885
https://github.com/ClusterLabs/pacemaker/pull/1749
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/
https://security.gentoo.org/glsa/202309-09
https://usn.ubuntu.com/3952-1/