Rapid7 VulnDB

RHSA-2013:1635: pacemaker security, bug fix, and enhancement update

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published: 11/21/2013
Created: 07/25/2018
Added: 11/21/2013
Modified: 07/04/2017

Description

Pacemaker is a high-availability cluster resource manager with a powerful policy engine.

A denial of service flaw was found in the way Pacemaker performed authentication and processing of remote connections in certain circumstances. When Pacemaker was configured to allow remote Cluster Information Base (CIB) configuration or resource management, a remote attacker could use this flaw to cause Pacemaker to block indefinitely (preventing it from serving other requests). (CVE-2013-0281)

Note: The default Pacemaker configuration in Red Hat Enterprise Linux 6 has the remote CIB management functionality disabled.

The pacemaker package has been upgraded to upstream version 1.1.10, which provides a number of bug fixes and enhancements over the previous version: (BZ#987355)

Additional bug fixes:

All pacemaker users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

Solution(s)

  • redhat-upgrade-pacemaker-debuginfo
  • redhat-upgrade-pacemaker-remote

