A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 02:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Sep 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
References |
|
07 Oct 2022, 02:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* |
|
CWE | ||
First Time |
Redhat
Redhat enterprise Linux Eus Redhat enterprise Linux Server Aus Debian debian Linux Opensuse leap Debian Redhat enterprise Linux Server Tus Redhat enterprise Linux Opensuse |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/ - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html - Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/108042 - Broken Link | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/ - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1278 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1279 - Third Party Advisory |
07 Jan 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-287 |
Information
Published : 2019-04-18 18:29
Updated : 2023-12-10 12:59
NVD link : CVE-2018-16877
Mitre link : CVE-2018-16877
CVE.ORG link : CVE-2018-16877
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
redhat
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_eus
clusterlabs
- pacemaker
opensuse
- leap
canonical
- ubuntu_linux
CWE