vulnerability
CentOS: (CVE-2016-7035) CESA-2016:2675: pacemaker
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Nov 3, 2016 | Nov 14, 2016 | May 5, 2019 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Nov 3, 2016
Added
Nov 14, 2016
Modified
May 5, 2019
Description
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
Solutions
centos-upgrade-pacemakercentos-upgrade-pacemaker-clicentos-upgrade-pacemaker-cluster-libscentos-upgrade-pacemaker-ctscentos-upgrade-pacemaker-doccentos-upgrade-pacemaker-libscentos-upgrade-pacemaker-libs-develcentos-upgrade-pacemaker-remote
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.