vulnerability
CentOS: (CVE-2016-7035) CESA-2016:2675: pacemaker
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Nov 3, 2016 | Nov 14, 2016 | May 5, 2019 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Nov 3, 2016
Added
Nov 14, 2016
Modified
May 5, 2019
Description
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
Solution(s)
centos-upgrade-pacemakercentos-upgrade-pacemaker-clicentos-upgrade-pacemaker-cluster-libscentos-upgrade-pacemaker-ctscentos-upgrade-pacemaker-doccentos-upgrade-pacemaker-libscentos-upgrade-pacemaker-libs-develcentos-upgrade-pacemaker-remote
References

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.