Debian DLA-2519-1 : pacemaker security update

2021-01-11T00:00:00

Description

Several security vulnerabilities were addressed in pacemaker, a cluster resource manager. CVE-2018-16877 A flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. CVE-2018-16878 An insufficient verification inflicted preference of uncontrolled processes can lead to denial of service. CVE-2020-25654 An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. For Debian 9 stretch, these problems have been fixed in version 1.1.24-0+deb9u1. We recommend that you upgrade your pacemaker packages. For the detailed security status of pacemaker please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pacemaker NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "DEBIAN_DLA-2519.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2519-1 : pacemaker security update", "description": "Several security vulnerabilities were addressed in pacemaker, a cluster resource manager.\n\nCVE-2018-16877\n\nA flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.\n\nCVE-2018-16878\n\nAn insufficient verification inflicted preference of uncontrolled processes can lead to denial of service.\n\nCVE-2020-25654\n\nAn ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.\n\nFor Debian 9 stretch, these problems have been fixed in version 1.1.24-0+deb9u1.\n\nWe recommend that you upgrade your pacemaker packages.\n\nFor the detailed security status of pacemaker please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/pacemaker\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-01-11T00:00:00", "modified": "2022-05-12T00:00:00", "cvss": {"score": 9, "vector": "CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/144814", "reporter": "This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16877", "https://packages.debian.org/source/stretch/pacemaker", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25654", "https://security-tracker.debian.org/tracker/source-package/pacemaker", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16878", "https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html"], "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2020-25654"], "immutableFields": [], "lastseen": "2022-07-12T14:45:12", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:5487"]}, {"type": "amazon", "idList": ["ALAS2-2019-1275", "ALAS2-2021-1583"]}, {"type": "centos", "idList": ["CESA-2020:5453"]}, {"type": "cve", "idList": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2020-25654"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2447-1:CDD39", "DEBIAN:DLA-2447-2:C8DC1", "DEBIAN:DLA-2519-1:F4EAF", "DEBIAN:DSA-4791-1:664F0"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-16877", "DEBIANCVE:CVE-2018-16878", "DEBIANCVE:CVE-2020-25654"]}, {"type": "fedora", "idList": ["FEDORA:7FCC930C8E61", "FEDORA:97BCC60200CC", "FEDORA:A98D3604EC00", "FEDORA:AFEEB60608E3", "FEDORA:E7AA330CB45E"]}, {"type": "ibm", "idList": ["4E73E30F75AED2360643FD48F176E48FEDE9AF562A5E051D96379F78DEE7AB27", "9EAED1F5FB3762874ED935AF686A504F1630ADB20AA5EBFAE97EAEEEA4C0DAF8", "A5482A34C95D889C083B8220907A6F771A27CDE1BE58B9F8007C6235EA459B88", "D8676400C4D14B2D1B5F94F57536D6B43C6BF15DED8668D5B115B832F4F08E63"]}, {"type": "mageia", "idList": ["MGASA-2019-0394", "MGASA-2020-0409"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1275.NASL", "AL2_ALAS-2021-1583.NASL", "ALMA_LINUX_ALSA-2020-5487.NASL", "CENTOS8_RHSA-2019-1279.NASL", "CENTOS8_RHSA-2020-5487.NASL", "CENTOS_RHSA-2020-5453.NASL", "DEBIAN_DLA-2447.NASL", "DEBIAN_DSA-4791.NASL", "FEDORA_2019-B502250BA4.NASL", "FEDORA_2019-E4C8DE3FB7.NASL", "FEDORA_2019-E71F6F36AC.NASL", "FEDORA_2020-2CBE0089E2.NASL", "FEDORA_2020-3D0E38B9E7.NASL", "NEWSTART_CGSL_NS-SA-2019-0224_PACEMAKER.NASL", "NEWSTART_CGSL_NS-SA-2019-0258_PACEMAKER.NASL", "NEWSTART_CGSL_NS-SA-2021-0021_PACEMAKER.NASL", "NEWSTART_CGSL_NS-SA-2021-0160_PACEMAKER.NASL", "OPENSUSE-2019-1342.NASL", "OPENSUSE-2019-1400.NASL", "OPENSUSE-2020-1782.NASL", "OPENSUSE-2020-1825.NASL", "ORACLELINUX_ELSA-2019-1279.NASL", "ORACLELINUX_ELSA-2020-5487.NASL", "REDHAT-RHSA-2019-1278.NASL", "REDHAT-RHSA-2019-1279.NASL", "REDHAT-RHSA-2020-5423.NASL", "REDHAT-RHSA-2020-5453.NASL", "REDHAT-RHSA-2020-5487.NASL", "SL_20190528_PACEMAKER_ON_SL7_X.NASL", "SL_20201215_PACEMAKER_ON_SL7_X.NASL", "UBUNTU_USN-3952-1.NASL", "UBUNTU_USN-4623-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843983", "OPENVAS:1361412562310852482", "OPENVAS:1361412562310852499", "OPENVAS:1361412562310875590", "OPENVAS:1361412562310875750"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1279", "ELSA-2020-5453", "ELSA-2020-5487"]}, {"type": "osv", "idList": ["OSV:DLA-2519-1", "OSV:DSA-4791-1"]}, {"type": "redhat", "idList": ["RHSA-2019:1278", "RHSA-2019:1279", "RHSA-2020:5423", "RHSA-2020:5453", "RHSA-2020:5487"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-16877", "RH:CVE-2018-16878", "RH:CVE-2020-25654"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1342-1", "OPENSUSE-SU-2019:1400-1", "OPENSUSE-SU-2020:1782-1", "OPENSUSE-SU-2020:1825-1"]}, {"type": "ubuntu", "idList": ["USN-3952-1", "USN-4623-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16877", "UB:CVE-2018-16878", "UB:CVE-2020-25654"]}, {"type": "veracode", "idList": ["VERACODE:27898"]}]}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:5487"]}, {"type": "amazon", "idList": ["ALAS2-2019-1275"]}, {"type": "centos", "idList": ["CESA-2020:5453"]}, {"type": "cve", "idList": ["CVE-2018-16877", "CVE-2018-16878"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2447-1:CDD39", "DEBIAN:DLA-2447-2:C8DC1", "DEBIAN:DSA-4791-1:664F0"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-16877", "DEBIANCVE:CVE-2018-16878", "DEBIANCVE:CVE-2020-25654"]}, {"type": "fedora", "idList": ["FEDORA:7FCC930C8E61", "FEDORA:97BCC60200CC", "FEDORA:A98D3604EC00", "FEDORA:AFEEB60608E3", "FEDORA:E7AA330CB45E"]}, {"type": "ibm", "idList": ["D8676400C4D14B2D1B5F94F57536D6B43C6BF15DED8668D5B115B832F4F08E63"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1275.NASL", "FEDORA_2019-B502250BA4.NASL", "FEDORA_2019-E4C8DE3FB7.NASL", "FEDORA_2019-E71F6F36AC.NASL", "ORACLELINUX_ELSA-2020-5487.NASL", "REDHAT-RHSA-2020-5423.NASL", "REDHAT-RHSA-2020-5453.NASL", "REDHAT-RHSA-2020-5487.NASL", "SL_20201215_PACEMAKER_ON_SL7_X.NASL", "UBUNTU_USN-4623-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843983", "OPENVAS:1361412562310852482", "OPENVAS:1361412562310875590", "OPENVAS:1361412562310875750"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1279", "ELSA-2020-5487"]}, {"type": "redhat", "idList": ["RHSA-2020:5453"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-25654"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1342-1", "OPENSUSE-SU-2019:1400-1"]}, {"type": "ubuntu", "idList": ["USN-3952-1", "USN-4623-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-25654"]}]}, "exploitation": null, "vulnersScore": -0.2}, "_state": {"dependencies": 1660004461, "score": 1659893617}, "_internal": {"score_hash": "09405452ce6af98f19f598df57733ad0"}, "pluginID": "144814", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2519-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144814);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2020-25654\");\n\n script_name(english:\"Debian DLA-2519-1 : pacemaker security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities were addressed in pacemaker, a\ncluster resource manager.\n\nCVE-2018-16877\n\nA flaw was found in the way pacemaker's client-server authentication\nwas implemented. A local attacker could use this flaw, and combine it\nwith other IPC weaknesses, to achieve local privilege escalation.\n\nCVE-2018-16878\n\nAn insufficient verification inflicted preference of uncontrolled\nprocesses can lead to denial of service.\n\nCVE-2020-25654\n\nAn ACL bypass flaw was found in pacemaker. An attacker having a local\naccount on the cluster and in the haclient group could use IPC\ncommunication with various daemons directly to perform certain tasks\nthat they would be prevented by ACLs from doing if they went through\nthe configuration.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.1.24-0+deb9u1.\n\nWe recommend that you upgrade your pacemaker packages.\n\nFor the detailed security status of pacemaker please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/pacemaker\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/pacemaker\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/pacemaker\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcib4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmcluster-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmcluster4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmcommon-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmcommon3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmservice-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmservice3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblrmd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblrmd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpe-rules2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpe-status10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpengine-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpengine10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libstonithd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libstonithd2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtransitioner2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker-cli-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker-resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libcib-dev\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcib4\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmcluster-dev\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmcluster4\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmcommon-dev\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmcommon3\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmservice-dev\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmservice3\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"liblrmd-dev\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"liblrmd1\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpe-rules2\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpe-status10\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpengine-dev\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpengine10\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libstonithd-dev\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libstonithd2\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libtransitioner2\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker-cli-utils\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker-common\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker-doc\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker-remote\", reference:\"1.1.24-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker-resource-agents\", reference:\"1.1.24-0+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libcib-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libcib4:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libcrmcluster-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libcrmcluster4:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libcrmcommon-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libcrmcommon3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libcrmservice-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libcrmservice3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:liblrmd-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:liblrmd1:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libpe-rules2:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libpe-status10:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libpengine-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libpengine10:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libstonithd-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libstonithd2:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libtransitioner2:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pacemaker:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pacemaker-cli-utils:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pacemaker-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pacemaker-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pacemaker-remote:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pacemaker-resource-agents:*:*:*:*:*:*:*"], "solution": "Upgrade the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2020-25654", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-01-06T00:00:00", "vulnerabilityPublicationDate": "2019-04-18T00:00:00", "exploitableWith": []}

{"osv": [{"lastseen": "2022-07-21T08:15:54", "description": "\nSeveral security vulnerabilities were addressed in pacemaker, a cluster\nresource manager.\n\n\n* [CVE-2018-16877](https://security-tracker.debian.org/tracker/CVE-2018-16877)\nA flaw was found in the way pacemaker's client-server authentication was\n implemented. A local attacker could use this flaw, and combine it with\n other IPC weaknesses, to achieve local privilege escalation.\n* [CVE-2018-16878](https://security-tracker.debian.org/tracker/CVE-2018-16878)\nAn insufficient verification inflicted preference of uncontrolled processes\n can lead to denial-of-service.\n* [CVE-2020-25654](https://security-tracker.debian.org/tracker/CVE-2020-25654)\nAn ACL bypass flaw was found in pacemaker. An attacker having a local\n account on the cluster and in the haclient group could use IPC\n communication with various daemons directly to perform certain tasks that\n they would be prevented by ACLs from doing if they went through the\n configuration.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.1.24-0+deb9u1.\n\n\nWe recommend that you upgrade your pacemaker packages.\n\n\nFor the detailed security status of pacemaker please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/pacemaker>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-06T00:00:00", "type": "osv", "title": "pacemaker - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2020-25654"], "modified": "2022-07-21T05:53:33", "id": "OSV:DLA-2519-1", "href": "https://osv.dev/vulnerability/DLA-2519-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:07:45", "description": "\nKen Gaillot discovered a vulnerability in the Pacemaker cluster\nresource manager: If ACLs were configured for users in the haclient\ngroup, the ACL restrictions could be bypassed via unrestricted IPC\ncommunication, resulting in cluster-wide arbitrary code execution with\nroot privileges.\n\n\nIf the enable-acl cluster option isn't enabled, members of the\nhaclient group can modify Pacemaker's Cluster Information Base without\nrestriction, which already gives them these capabilities, so there is\nno additional exposure in such a setup.\n\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.0.1-5+deb10u1.\n\n\nWe recommend that you upgrade your pacemaker packages.\n\n\nFor the detailed security status of pacemaker please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/pacemaker](https://security-tracker.debian.org/tracker/pacemaker)\n\n\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-13T00:00:00", "type": "osv", "title": "pacemaker - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2022-08-10T07:07:30", "id": "OSV:DSA-4791-1", "href": "https://osv.dev/vulnerability/DSA-4791-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-12-07T14:29:30", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2519-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nJanuary 06, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : pacemaker\nVersion : 1.1.24-0+deb9u1\nCVE ID : CVE-2018-16877 CVE-2018-16878 CVE-2020-25654\n\nSeveral security vulnerabilities were addressed in pacemaker, a cluster\nresource manager.\n\nCVE-2018-16877\n\n A flaw was found in the way pacemaker's client-server authentication was\n implemented. A local attacker could use this flaw, and combine it with\n other IPC weaknesses, to achieve local privilege escalation.\n\nCVE-2018-16878\n\n An insufficient verification inflicted preference of uncontrolled processes\n can lead to denial-of-service.\n\nCVE-2020-25654\n\n An ACL bypass flaw was found in pacemaker. An attacker having a local\n account on the cluster and in the haclient group could use IPC\n communication with various daemons directly to perform certain tasks that\n they would be prevented by ACLs from doing if they went through the\n configuration.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.1.24-0+deb9u1.\n\nWe recommend that you upgrade your pacemaker packages.\n\nFor the detailed security status of pacemaker please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/pacemaker\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2021-01-06T22:25:21", "type": "debian", "title": "[SECURITY] [DLA 2519-1] pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2020-25654"], "modified": "2021-01-06T22:25:21", "id": "DEBIAN:DLA-2519-1:F4EAF", "href": "https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:43:57", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2447-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nNovember 11, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : pacemaker\nVersion : 1.1.16-1+deb9u1\nCVE ID : CVE-2020-25654\nDebian Bug : 973254\n\nAn ACL bypass flaw was found in pacemaker, a cluster resource manager.\nAn attacker having a local account on the cluster and in the haclient group\ncould use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.1.16-1+deb9u1.\n\nWe recommend that you upgrade your pacemaker packages.\n\nFor the detailed security status of pacemaker please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/pacemaker\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-12T00:21:25", "type": "debian", "title": "[SECURITY] [DLA 2447-1] pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-11-12T00:21:25", "id": "DEBIAN:DLA-2447-1:CDD39", "href": "https://lists.debian.org/debian-lts-announce/2020/11/msg00021.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-02-16T11:28:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4791-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 13, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : pacemaker\nCVE ID : CVE-2020-25654\nDebian Bug : 973254\n\nKen Gaillot discovered a vulnerability in the Pacemaker cluster\nresource manager: If ACLs were configured for users in the "haclient"\ngroup, the ACL restrictions could be bypassed via unrestricted IPC\ncommunication, resulting in cluster-wide arbitrary code execution with\nroot privileges.\n\nIf the "enable-acl" cluster option isn't enabled, members of the\n"haclient" group can modify Pacemaker's Cluster Information Base without\nrestriction, which already gives them these capabilities, so there is\nno additional exposure in such a setup.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.0.1-5+deb10u1.\n\nWe recommend that you upgrade your pacemaker packages.\n\nFor the detailed security status of pacemaker please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/pacemaker\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-13T09:59:25", "type": "debian", "title": "[SECURITY] [DSA 4791-1] pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-11-13T09:59:25", "id": "DEBIAN:DSA-4791-1:664F0", "href": "https://lists.debian.org/debian-security-announce/2020/msg00198.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-01-16T04:21:31", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2447-2 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nNovember 17, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : pacemaker\nVersion : 1.1.16-1+deb9u2\nDebian Bug : 974563\n\nThe update of pacemaker released as DLA-2447-1 caused a regression when the\ncommunication between the Corosync cluster engine and pacemaker takes place. A\npermission problem prevents IPC requests between cluster nodes. The patch for\nCVE-2020-25654 has been reverted until a better solution can be found.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.1.16-1+deb9u2.\n\nWe recommend that you upgrade your pacemaker packages.\n\nFor the detailed security status of pacemaker please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/pacemaker\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-17T08:28:20", "type": "debian", "title": "[SECURITY] [DLA 2447-2] pacemaker regression update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-11-17T08:28:20", "id": "DEBIAN:DLA-2447-2:C8DC1", "href": "https://lists.debian.org/debian-lts-announce/2020/11/msg00029.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-04-18T12:42:01", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for pacemaker fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-16877: Fixed a local privilege escalation through insufficient\n IPC client-server authentication. (bsc#1131356)\n - CVE-2018-16878: Fixed a denial of service through insufficient\n verification inflicted preference of uncontrolled processes.\n (bsc#1131353)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1342=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-08T00:00:00", "type": "suse", "title": "Security update for pacemaker (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878"], "modified": "2019-05-08T00:00:00", "id": "OPENSUSE-SU-2019:1342-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/B5Y4IGBYGCMHPZ3NSZXSQZR4KNZADUEK/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-05T06:00:56", "description": "An update that solves three vulnerabilities and has one\n errata is now available.\n\nDescription:\n\n This update for pacemaker fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3885: Fixed an information disclosure in log output.\n (bsc#1131357)\n - CVE-2018-16877: Fixed a local privilege escalation through insufficient\n IPC client-server authentication. (bsc#1131356)\n - CVE-2018-16878: Fixed a denial of service through insufficient\n verification inflicted preference of uncontrolled processes.\n (bsc#1131353)\n\n Non-security issue fixed:\n\n - crmd: delete resource from lrmd when appropriate to avoid timeouts with\n crmsh (bsc#1117381).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1400=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-15T00:00:00", "type": "suse", "title": "Security update for pacemaker (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-05-15T00:00:00", "id": "OPENSUSE-SU-2019:1400-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YPE4TWWC6FW57WVVOZ7ZZGIDXYSODXAF/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-03T03:59:36", "description": "An update that solves one vulnerability and has three fixes\n is now available.\n\nDescription:\n\n This update for pacemaker fixes the following issues:\n\n - executor: restrict certain IPC requests to Pacemaker daemons\n (CVE-2020-25654, bsc#1177916)\n - extra: add vim modelines to agents\n - extra: quote shell variables in agent code where appropriate\n (bsc#1175557)\n - extra: remove trailing whitespace from agent code\n - extra: update agent boilerplate (copyright/license notices)\n - extra: use 4-space indents in resource agent code\n - extra: use \":=\" where appropriate in agent code\n - fencer: restrict certain IPC requests to privileged users\n (CVE-2020-25654, bsc#1177916)\n - move bcond_with/without up front for e.g. pcmk_release\n - pacemakerd: ignore shutdown requests from unprivileged users\n (CVE-2020-25654, bsc#1177916)\n - rpm: add spec option for enabling CIB secrets\n - rpm: put user-configurable items at top of spec\n - rpm: use the user/group ID 90 for haclient/hacluster to be consistent\n with cluster-glue (bsc#1167171)\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1825=1", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-04T00:00:00", "type": "suse", "title": "Security update for pacemaker (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-11-04T00:00:00", "id": "OPENSUSE-SU-2020:1825-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ALZ3WACSNOI25KPU75MGY4VMQWERZHFP/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T12:40:59", "description": "An update that solves one vulnerability and has three fixes\n is now available.\n\nDescription:\n\n This update for pacemaker fixes the following issues:\n\n Update to 2.0.4:\n\n - based: use crm_exit to free qb-logging\n - cibsecret: don't use pssh -q option unless supported\n - crm_error: use g_free for a proper match\n - crm_mon: NULL output-pointer when buffer is freed\n - crm_resource: avoid unnecessary issus with dynamic allocation\n - crm_ticket: avoid unnecessary issues with dynamic allocation\n - executor: restrict certain IPC requests to Pacemaker daemons\n (CVE-2020-25654, bsc#1177916)\n - fencer: avoid infinite loop if device is removed during operation\n - fencer: restrict certain IPC requests to privileged users\n (CVE-2020-25654, bsc#1177916)\n - libcrmcommon: free basename after setting prgname\n - libcrmcommon: return ENOMEM directly instead of errno\n - libpe_status: Modify filtering of inactive resources.\n - libreplace: closedir when bailing out dir traversal\n - move bcond_with/without up front for e.g. pcmk_release\n - pacemakerd: ignore shutdown requests from unprivileged users\n (CVE-2020-25654, bsc#1177916)\n - resources: attribute name parameter doesn't have to be unique\n - rpm: add spec option for enabling CIB secrets\n - rpm: put user-configurable items at top of spec\n - rpm: use the user/group ID 90 for haclient/hacluster to be consistent\n with cluster-glue (bsc#1167171)\n - scheduler: Add the node name back to bundle instances.\n - silence some false positives static analysis stumbled over\n - tools: check resource separately from managing parameter in cibsecret\n - tools: free IPC memory after closing connection\n - tools: improve cibsecret help\n - tools: verify newly created CIB connection is not NULL\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1782=1", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-31T00:00:00", "type": "suse", "title": "Security update for pacemaker (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-10-31T00:00:00", "id": "OPENSUSE-SU-2020:1782-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZV2VGOZZ4VYEWCBY73L27TONCDUEGOOY/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-02-19T13:51:04", "description": "This update for pacemaker fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication.\n (bsc#1131356)\n\n - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update project.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pacemaker (openSUSE-2019-1342)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpacemaker-devel", "p-cpe:/a:novell:opensuse:libpacemaker3", "p-cpe:/a:novell:opensuse:libpacemaker3-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker", "p-cpe:/a:novell:opensuse:pacemaker-cli", "p-cpe:/a:novell:opensuse:pacemaker-cli-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker-cts", "p-cpe:/a:novell:opensuse:pacemaker-cts-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker-debugsource", "p-cpe:/a:novell:opensuse:pacemaker-remote", "p-cpe:/a:novell:opensuse:pacemaker-remote-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1342.NASL", "href": "https://www.tenable.com/plugins/nessus/124707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1342.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124707);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\");\n\n script_name(english:\"openSUSE Security Update : pacemaker (openSUSE-2019-1342)\");\n script_summary(english:\"Check for the openSUSE-2019-1342 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for pacemaker fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-16877: Fixed a local privilege escalation\n through insufficient IPC client-server authentication.\n (bsc#1131356)\n\n - CVE-2018-16878: Fixed a denial of service through\n insufficient verification inflicted preference of\n uncontrolled processes. (bsc#1131353)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131356\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pacemaker packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cli-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cts-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-remote-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libpacemaker-devel-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libpacemaker3-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libpacemaker3-debuginfo-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pacemaker-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pacemaker-cli-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pacemaker-cli-debuginfo-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pacemaker-cts-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pacemaker-cts-debuginfo-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pacemaker-debuginfo-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pacemaker-debugsource-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pacemaker-remote-1.1.16-4.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pacemaker-remote-debuginfo-1.1.16-4.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpacemaker-devel / libpacemaker3 / libpacemaker3-debuginfo / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-24T16:01:07", "description": "Jan Pokorny discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-16877)\n\nJan Pokorny discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service. (CVE-2018-16878)\n\nJan Pokorny discovered that Pacemaker incorrectly handled certain memory operations. A local attacker could possibly use this issue to obtain sensitive information in log outputs. This issue only applied to Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3885).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-24T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Pacemaker vulnerabilities (USN-3952-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:pacemaker", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-3952-1.NASL", "href": "https://www.tenable.com/plugins/nessus/124274", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3952-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124274);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_xref(name:\"USN\", value:\"3952-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Pacemaker vulnerabilities (USN-3952-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jan Pokorny discovered that Pacemaker incorrectly handled\nclient-server authentication. A local attacker could possibly use this\nissue to escalate privileges. (CVE-2018-16877)\n\nJan Pokorny discovered that Pacemaker incorrectly handled certain\nverifications. A local attacker could possibly use this issue to cause\na denial of service. (CVE-2018-16878)\n\nJan Pokorny discovered that Pacemaker incorrectly handled certain\nmemory operations. A local attacker could possibly use this issue to\nobtain sensitive information in log outputs. This issue only applied\nto Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3885).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3952-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected pacemaker package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2022 Canonical, Inc. / NASL script (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"pacemaker\", pkgver:\"1.1.14-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"pacemaker\", pkgver:\"1.1.18-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"pacemaker\", pkgver:\"1.1.18-2ubuntu1.18.10.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"pacemaker\", pkgver:\"1.1.18-2ubuntu1.19.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-19T17:15:43", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has pacemaker packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. (CVE-2018-16877)\n\n - A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.\n (CVE-2019-3885)\n\n - A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : pacemaker Multiple Vulnerabilities (NS-SA-2019-0258)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2022-05-18T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0258_PACEMAKER.NASL", "href": "https://www.tenable.com/plugins/nessus/132469", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0258. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132469);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_bugtraq_id(108036, 108039, 108042);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : pacemaker Multiple Vulnerabilities (NS-SA-2019-0258)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has pacemaker packages installed that are affected\nby multiple vulnerabilities:\n\n - A flaw was found in the way pacemaker's client-server\n authentication was implemented in versions up to and\n including 2.0.0. A local attacker could use this flaw,\n and combine it with other IPC weaknesses, to achieve\n local privilege escalation. (CVE-2018-16877)\n\n - A use-after-free flaw was found in pacemaker up to and\n including version 2.0.1 which could result in certain\n sensitive information to be leaked via the system logs.\n (CVE-2019-3885)\n\n - A flaw was found in pacemaker up to and including\n version 2.0.1. An insufficient verification inflicted\n preference of uncontrolled processes can lead to DoS\n (CVE-2018-16878)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0258\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL pacemaker packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16877\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"pacemaker-1.1.20-5.el7_7.1\",\n \"pacemaker-cli-1.1.20-5.el7_7.1\",\n \"pacemaker-cluster-libs-1.1.20-5.el7_7.1\",\n \"pacemaker-cts-1.1.20-5.el7_7.1\",\n \"pacemaker-debuginfo-1.1.20-5.el7_7.1\",\n \"pacemaker-doc-1.1.20-5.el7_7.1\",\n \"pacemaker-libs-1.1.20-5.el7_7.1\",\n \"pacemaker-libs-devel-1.1.20-5.el7_7.1\",\n \"pacemaker-nagios-plugins-metadata-1.1.20-5.el7_7.1\",\n \"pacemaker-remote-1.1.20-5.el7_7.1\"\n ],\n \"CGSL MAIN 5.05\": [\n \"pacemaker-1.1.20-5.el7_7.1\",\n \"pacemaker-cli-1.1.20-5.el7_7.1\",\n \"pacemaker-cluster-libs-1.1.20-5.el7_7.1\",\n \"pacemaker-cts-1.1.20-5.el7_7.1\",\n \"pacemaker-debuginfo-1.1.20-5.el7_7.1\",\n \"pacemaker-doc-1.1.20-5.el7_7.1\",\n \"pacemaker-libs-1.1.20-5.el7_7.1\",\n \"pacemaker-libs-devel-1.1.20-5.el7_7.1\",\n \"pacemaker-nagios-plugins-metadata-1.1.20-5.el7_7.1\",\n \"pacemaker-remote-1.1.20-5.el7_7.1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-19T17:14:52", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pacemaker packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. (CVE-2018-16877)\n\n - A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.\n (CVE-2019-3885)\n\n - A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-02T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : pacemaker Multiple Vulnerabilities (NS-SA-2019-0224)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2022-05-18T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0224_PACEMAKER.NASL", "href": "https://www.tenable.com/plugins/nessus/131424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0224. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131424);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_bugtraq_id(108036, 108039, 108042);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : pacemaker Multiple Vulnerabilities (NS-SA-2019-0224)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pacemaker packages installed that are affected\nby multiple vulnerabilities:\n\n - A flaw was found in the way pacemaker's client-server\n authentication was implemented in versions up to and\n including 2.0.0. A local attacker could use this flaw,\n and combine it with other IPC weaknesses, to achieve\n local privilege escalation. (CVE-2018-16877)\n\n - A use-after-free flaw was found in pacemaker up to and\n including version 2.0.1 which could result in certain\n sensitive information to be leaked via the system logs.\n (CVE-2019-3885)\n\n - A flaw was found in pacemaker up to and including\n version 2.0.1. An insufficient verification inflicted\n preference of uncontrolled processes can lead to DoS\n (CVE-2018-16878)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0224\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL pacemaker packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16877\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"pacemaker-1.1.20-5.el7_7.1\",\n \"pacemaker-cli-1.1.20-5.el7_7.1\",\n \"pacemaker-cluster-libs-1.1.20-5.el7_7.1\",\n \"pacemaker-cts-1.1.20-5.el7_7.1\",\n \"pacemaker-debuginfo-1.1.20-5.el7_7.1\",\n \"pacemaker-doc-1.1.20-5.el7_7.1\",\n \"pacemaker-libs-1.1.20-5.el7_7.1\",\n \"pacemaker-libs-devel-1.1.20-5.el7_7.1\",\n \"pacemaker-nagios-plugins-metadata-1.1.20-5.el7_7.1\",\n \"pacemaker-remote-1.1.20-5.el7_7.1\"\n ],\n \"CGSL MAIN 5.04\": [\n \"pacemaker-1.1.20-5.el7_7.1\",\n \"pacemaker-cli-1.1.20-5.el7_7.1\",\n \"pacemaker-cluster-libs-1.1.20-5.el7_7.1\",\n \"pacemaker-cts-1.1.20-5.el7_7.1\",\n \"pacemaker-debuginfo-1.1.20-5.el7_7.1\",\n \"pacemaker-doc-1.1.20-5.el7_7.1\",\n \"pacemaker-libs-1.1.20-5.el7_7.1\",\n \"pacemaker-libs-devel-1.1.20-5.el7_7.1\",\n \"pacemaker-nagios-plugins-metadata-1.1.20-5.el7_7.1\",\n \"pacemaker-remote-1.1.20-5.el7_7.1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-13T14:54:16", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1279 advisory.\n\n - pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)\n\n - pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)\n\n - pacemaker: Information disclosure through use-after-free (CVE-2019-3885)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : pacemaker (CESA-2019:1279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:pacemaker-cluster-libs", "p-cpe:/a:centos:centos:pacemaker-libs", "p-cpe:/a:centos:centos:pacemaker-schemas"], "id": "CENTOS8_RHSA-2019-1279.NASL", "href": "https://www.tenable.com/plugins/nessus/145674", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:1279. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145674);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_bugtraq_id(108036, 108039, 108042);\n script_xref(name:\"RHSA\", value:\"2019:1279\");\n\n script_name(english:\"CentOS 8 : pacemaker (CESA-2019:1279)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:1279 advisory.\n\n - pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local\n privesc (CVE-2018-16877)\n\n - pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS\n (CVE-2018-16878)\n\n - pacemaker: Information disclosure through use-after-free (CVE-2019-3885)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1279\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pacemaker-cluster-libs, pacemaker-libs and / or pacemaker-schemas packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16877\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-schemas\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'pacemaker-cluster-libs-2.0.1-4.el8_0.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-cluster-libs-2.0.1-4.el8_0.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-libs-2.0.1-4.el8_0.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-libs-2.0.1-4.el8_0.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-schemas-2.0.1-4.el8_0.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-schemas-2.0.1-4.el8_0.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker-cluster-libs / pacemaker-libs / pacemaker-schemas');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-20T15:06:19", "description": "From Red Hat Security Advisory 2019:1279 :\n\nAn update for pacemaker is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures.\n\nSecurity Fix(es) :\n\n* pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)\n\n* pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)\n\n* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Interrupted live migration will get full start rather than completed migration (BZ#1695247)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : pacemaker (ELSA-2019-1279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:pacemaker-cluster-libs", "p-cpe:/a:oracle:linux:pacemaker-libs", "p-cpe:/a:oracle:linux:pacemaker-schemas", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-1279.NASL", "href": "https://www.tenable.com/plugins/nessus/127588", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1279 and \n# Oracle Linux Security Advisory ELSA-2019-1279 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127588);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_xref(name:\"RHSA\", value:\"2019:1279\");\n\n script_name(english:\"Oracle Linux 8 : pacemaker (ELSA-2019-1279)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1279 :\n\nAn update for pacemaker is now available for Red Hat Enterprise Linux\n8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Pacemaker cluster resource manager is a collection of technologies\nworking together to maintain data integrity and application\navailability in the event of failures.\n\nSecurity Fix(es) :\n\n* pacemaker: Insufficient local IPC client-server authentication on\nthe client's side can lead to local privesc (CVE-2018-16877)\n\n* pacemaker: Insufficient verification inflicted preference of\nuncontrolled processes can lead to DoS (CVE-2018-16878)\n\n* pacemaker: Information disclosure through use-after-free\n(CVE-2019-3885)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Interrupted live migration will get full start rather than completed\nmigration (BZ#1695247)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/008976.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pacemaker packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16877\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pacemaker-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"pacemaker-cluster-libs-2.0.1-4.el8_0.3\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"pacemaker-libs-2.0.1-4.el8_0.3\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"pacemaker-schemas-2.0.1-4.el8_0.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker-cluster-libs / pacemaker-libs / pacemaker-schemas\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-24T16:46:31", "description": "A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. (CVE-2018-16878)\n\nA use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs.\n(CVE-2019-3885)\n\nA flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.\n(CVE-2018-16877)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : pacemaker (ALAS-2019-1275)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:pacemaker", "p-cpe:/a:amazon:linux:pacemaker-cli", "p-cpe:/a:amazon:linux:pacemaker-cluster-libs", "p-cpe:/a:amazon:linux:pacemaker-cts", "p-cpe:/a:amazon:linux:pacemaker-debuginfo", "p-cpe:/a:amazon:linux:pacemaker-doc", "p-cpe:/a:amazon:linux:pacemaker-libs", "p-cpe:/a:amazon:linux:pacemaker-libs-devel", "p-cpe:/a:amazon:linux:pacemaker-nagios-plugins-metadata", "p-cpe:/a:amazon:linux:pacemaker-remote", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1275.NASL", "href": "https://www.tenable.com/plugins/nessus/128289", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1275.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128289);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_xref(name:\"ALAS\", value:\"2019-1275\");\n\n script_name(english:\"Amazon Linux 2 : pacemaker (ALAS-2019-1275)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A flaw was found in pacemaker. An insufficient verification inflicted\npreference of uncontrolled processes can lead to DoS. (CVE-2018-16878)\n\nA use-after-free flaw was found in pacemaker which could result in\ncertain sensitive information to be leaked via the system logs.\n(CVE-2019-3885)\n\nA flaw was found in the way pacemaker's client-server authentication\nwas implemented. A local attacker could use this flaw, and combine it\nwith other IPC weaknesses, to achieve local privilege escalation.\n(CVE-2018-16877)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1275.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update pacemaker' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"pacemaker-1.1.20-5.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"pacemaker-cli-1.1.20-5.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"pacemaker-cluster-libs-1.1.20-5.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"pacemaker-cts-1.1.20-5.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"pacemaker-debuginfo-1.1.20-5.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"pacemaker-doc-1.1.20-5.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"pacemaker-libs-1.1.20-5.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"pacemaker-libs-devel-1.1.20-5.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"pacemaker-nagios-plugins-metadata-1.1.20-5.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"pacemaker-remote-1.1.20-5.amzn2.0.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker / pacemaker-cli / pacemaker-cluster-libs / pacemaker-cts / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-19T13:49:48", "description": "This update for pacemaker fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357)\n\n - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication.\n (bsc#1131356)\n\n - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353)\n\nNon-security issue fixed :\n\n - crmd: delete resource from lrmd when appropriate to avoid timeouts with crmsh (bsc#1117381).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-05-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pacemaker (openSUSE-2019-1400)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpacemaker-devel", "p-cpe:/a:novell:opensuse:libpacemaker3", "p-cpe:/a:novell:opensuse:libpacemaker3-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker", "p-cpe:/a:novell:opensuse:pacemaker-cli", "p-cpe:/a:novell:opensuse:pacemaker-cli-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker-cts", "p-cpe:/a:novell:opensuse:pacemaker-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker-debugsource", "p-cpe:/a:novell:opensuse:pacemaker-remote", "p-cpe:/a:novell:opensuse:pacemaker-remote-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1400.NASL", "href": "https://www.tenable.com/plugins/nessus/125213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1400.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125213);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n\n script_name(english:\"openSUSE Security Update : pacemaker (openSUSE-2019-1400)\");\n script_summary(english:\"Check for the openSUSE-2019-1400 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for pacemaker fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-3885: Fixed an information disclosure in log\n output. (bsc#1131357)\n\n - CVE-2018-16877: Fixed a local privilege escalation\n through insufficient IPC client-server authentication.\n (bsc#1131356)\n\n - CVE-2018-16878: Fixed a denial of service through\n insufficient verification inflicted preference of\n uncontrolled processes. (bsc#1131353)\n\nNon-security issue fixed :\n\n - crmd: delete resource from lrmd when appropriate to\n avoid timeouts with crmsh (bsc#1117381).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131357\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pacemaker packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cli-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-remote-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libpacemaker-devel-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libpacemaker3-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"pacemaker-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"pacemaker-cli-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"pacemaker-cts-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"pacemaker-debuginfo-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"pacemaker-debugsource-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"pacemaker-remote-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-lp150.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpacemaker-devel / libpacemaker3 / libpacemaker3-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:22:32", "description": "An update for pacemaker is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures.\n\nSecurity Fix(es) :\n\n* pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)\n\n* pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)\n\n* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Interrupted live migration will get full start rather than completed migration (BZ#1695247)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "RHEL 8 : pacemaker (RHSA-2019:1279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2020-01-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:pacemaker", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cli", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cli-debuginfo", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cts", "p-cpe:/a:redhat:enterprise_linux:pacemaker-debuginfo", "p-cpe:/a:redhat:enterprise_linux:pacemaker-debugsource", "p-cpe:/a:redhat:enterprise_linux:pacemaker-doc", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel", "p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata", "p-cpe:/a:redhat:enterprise_linux:pacemaker-remote", "p-cpe:/a:redhat:enterprise_linux:pacemaker-remote-debuginfo", "p-cpe:/a:redhat:enterprise_linux:pacemaker-schemas", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-1279.NASL", "href": "https://www.tenable.com/plugins/nessus/125446", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1279. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125446);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/30\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_xref(name:\"RHSA\", value:\"2019:1279\");\n\n script_name(english:\"RHEL 8 : pacemaker (RHSA-2019:1279)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for pacemaker is now available for Red Hat Enterprise Linux\n8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Pacemaker cluster resource manager is a collection of technologies\nworking together to maintain data integrity and application\navailability in the event of failures.\n\nSecurity Fix(es) :\n\n* pacemaker: Insufficient local IPC client-server authentication on\nthe client's side can lead to local privesc (CVE-2018-16877)\n\n* pacemaker: Insufficient verification inflicted preference of\nuncontrolled processes can lead to DoS (CVE-2018-16878)\n\n* pacemaker: Information disclosure through use-after-free\n(CVE-2019-3885)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Interrupted live migration will get full start rather than completed\nmigration (BZ#1695247)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3885\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cli-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-remote-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1279\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-cli-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-cli-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"pacemaker-cli-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-cli-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-cli-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"pacemaker-cluster-libs-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-cluster-libs-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-cluster-libs-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"pacemaker-cluster-libs-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-cluster-libs-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-cluster-libs-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"pacemaker-cts-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"pacemaker-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"pacemaker-debugsource-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-debugsource-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-debugsource-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"pacemaker-doc-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"pacemaker-libs-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-libs-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-libs-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"pacemaker-libs-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-libs-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-libs-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"pacemaker-libs-devel-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-libs-devel-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-libs-devel-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"pacemaker-nagios-plugins-metadata-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-remote-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-remote-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"pacemaker-remote-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"pacemaker-remote-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pacemaker-remote-debuginfo-2.0.1-4.el8_0.3\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"pacemaker-schemas-2.0.1-4.el8_0.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker / pacemaker-cli / pacemaker-cli-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:22:43", "description": "An update for pacemaker is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures.\n\nSecurity Fix(es) :\n\n* pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)\n\n* pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)\n\n* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "RHEL 7 : pacemaker (RHSA-2019:1278)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2020-01-15T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:pacemaker", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cli", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cts", "p-cpe:/a:redhat:enterprise_linux:pacemaker-debuginfo", "p-cpe:/a:redhat:enterprise_linux:pacemaker-doc", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel", "p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata", "p-cpe:/a:redhat:enterprise_linux:pacemaker-remote", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-1278.NASL", "href": "https://www.tenable.com/plugins/nessus/125445", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1278. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125445);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_xref(name:\"RHSA\", value:\"2019:1278\");\n\n script_name(english:\"RHEL 7 : pacemaker (RHSA-2019:1278)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for pacemaker is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Pacemaker cluster resource manager is a collection of technologies\nworking together to maintain data integrity and application\navailability in the event of failures.\n\nSecurity Fix(es) :\n\n* pacemaker: Insufficient local IPC client-server authentication on\nthe client's side can lead to local privesc (CVE-2018-16877)\n\n* pacemaker: Insufficient verification inflicted preference of\nuncontrolled processes can lead to DoS (CVE-2018-16878)\n\n* pacemaker: Information disclosure through use-after-free\n(CVE-2019-3885)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3885\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1278\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pacemaker-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pacemaker-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pacemaker-cli-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pacemaker-cli-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"pacemaker-cluster-libs-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pacemaker-cluster-libs-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pacemaker-cluster-libs-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pacemaker-cts-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pacemaker-cts-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"pacemaker-debuginfo-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pacemaker-debuginfo-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pacemaker-debuginfo-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pacemaker-doc-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pacemaker-doc-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"pacemaker-libs-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pacemaker-libs-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pacemaker-libs-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"pacemaker-libs-devel-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pacemaker-libs-devel-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pacemaker-libs-devel-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"pacemaker-remote-1.1.19-8.el7_6.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pacemaker-remote-1.1.19-8.el7_6.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker / pacemaker-cli / pacemaker-cluster-libs / pacemaker-cts / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:27:06", "description": "Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "Fedora 29 : pacemaker (2019-b502250ba4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pacemaker", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-B502250BA4.NASL", "href": "https://www.tenable.com/plugins/nessus/124604", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-b502250ba4.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124604);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_xref(name:\"FEDORA\", value:\"2019-b502250ba4\");\n\n script_name(english:\"Fedora 29 : pacemaker (2019-b502250ba4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-b502250ba4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pacemaker package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"pacemaker-2.0.0-5.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:27:22", "description": "Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-05-02T00:00:00", "type": "nessus", "title": "Fedora 30 : pacemaker (2019-e4c8de3fb7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pacemaker", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-E4C8DE3FB7.NASL", "href": "https://www.tenable.com/plugins/nessus/124549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-e4c8de3fb7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124549);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_xref(name:\"FEDORA\", value:\"2019-e4c8de3fb7\");\n\n script_name(english:\"Fedora 30 : pacemaker (2019-e4c8de3fb7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e4c8de3fb7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pacemaker package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"pacemaker-2.0.1-2.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:27:06", "description": "Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "Fedora 28 : pacemaker (2019-e71f6f36ac)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pacemaker", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-E71F6F36AC.NASL", "href": "https://www.tenable.com/plugins/nessus/124606", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-e71f6f36ac.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124606);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_xref(name:\"FEDORA\", value:\"2019-e71f6f36ac\");\n\n script_name(english:\"Fedora 28 : pacemaker (2019-e71f6f36ac)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e71f6f36ac\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pacemaker package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"pacemaker-1.1.18-3.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:22:58", "description": "Security Fix(es) :\n\n - pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)\n\n - pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)\n\n - pacemaker: Information disclosure through use-after-free (CVE-2019-3885)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-05-29T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : pacemaker on SL7.x x86_64 (20190528)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:pacemaker", "p-cpe:/a:fermilab:scientific_linux:pacemaker-cli", "p-cpe:/a:fermilab:scientific_linux:pacemaker-cluster-libs", "p-cpe:/a:fermilab:scientific_linux:pacemaker-cts", "p-cpe:/a:fermilab:scientific_linux:pacemaker-debuginfo", "p-cpe:/a:fermilab:scientific_linux:pacemaker-doc", "p-cpe:/a:fermilab:scientific_linux:pacemaker-libs", "p-cpe:/a:fermilab:scientific_linux:pacemaker-libs-devel", "p-cpe:/a:fermilab:scientific_linux:pacemaker-nagios-plugins-metadata", "p-cpe:/a:fermilab:scientific_linux:pacemaker-remote", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190528_PACEMAKER_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/125531", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125531);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n\n script_name(english:\"Scientific Linux Security Update : pacemaker on SL7.x x86_64 (20190528)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - pacemaker: Insufficient local IPC client-server\n authentication on the client's side can lead to local\n privesc (CVE-2018-16877)\n\n - pacemaker: Insufficient verification inflicted\n preference of uncontrolled processes can lead to DoS\n (CVE-2018-16878)\n\n - pacemaker: Information disclosure through use-after-free\n (CVE-2019-3885)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1905&L=SCIENTIFIC-LINUX-ERRATA&P=6805\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9a86cfa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pacemaker-1.1.19-8.el7_6.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pacemaker-cli-1.1.19-8.el7_6.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pacemaker-cluster-libs-1.1.19-8.el7_6.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pacemaker-cts-1.1.19-8.el7_6.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pacemaker-debuginfo-1.1.19-8.el7_6.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pacemaker-doc-1.1.19-8.el7_6.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pacemaker-libs-1.1.19-8.el7_6.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pacemaker-libs-devel-1.1.19-8.el7_6.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pacemaker-remote-1.1.19-8.el7_6.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker / pacemaker-cli / pacemaker-cluster-libs / pacemaker-cts / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-19T00:55:08", "description": "This update for pacemaker fixes the following issues :\n\n - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916)\n\n - extra: add vim modelines to agents\n\n - extra: quote shell variables in agent code where appropriate (bsc#1175557)\n\n - extra: remove trailing whitespace from agent code\n\n - extra: update agent boilerplate (copyright/license notices)\n\n - extra: use 4-space indents in resource agent code\n\n - extra: use ':=' where appropriate in agent code\n\n - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916)\n\n - move bcond_with/without up front for e.g. pcmk_release\n\n - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916)\n\n - rpm: add spec option for enabling CIB secrets\n\n - rpm: put user-configurable items at top of spec\n\n - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pacemaker (openSUSE-2020-1825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpacemaker-devel", "p-cpe:/a:novell:opensuse:libpacemaker3", "p-cpe:/a:novell:opensuse:libpacemaker3-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker", "p-cpe:/a:novell:opensuse:pacemaker-cli", "p-cpe:/a:novell:opensuse:pacemaker-cli-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker-cts", "p-cpe:/a:novell:opensuse:pacemaker-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker-debugsource", "p-cpe:/a:novell:opensuse:pacemaker-remote", "p-cpe:/a:novell:opensuse:pacemaker-remote-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1825.NASL", "href": "https://www.tenable.com/plugins/nessus/142583", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1825.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142583);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/09\");\n\n script_cve_id(\"CVE-2020-25654\");\n\n script_name(english:\"openSUSE Security Update : pacemaker (openSUSE-2020-1825)\");\n script_summary(english:\"Check for the openSUSE-2020-1825 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for pacemaker fixes the following issues :\n\n - executor: restrict certain IPC requests to Pacemaker\n daemons (CVE-2020-25654, bsc#1177916)\n\n - extra: add vim modelines to agents\n\n - extra: quote shell variables in agent code where\n appropriate (bsc#1175557)\n\n - extra: remove trailing whitespace from agent code\n\n - extra: update agent boilerplate (copyright/license\n notices)\n\n - extra: use 4-space indents in resource agent code\n\n - extra: use ':=' where appropriate in agent code\n\n - fencer: restrict certain IPC requests to privileged\n users (CVE-2020-25654, bsc#1177916)\n\n - move bcond_with/without up front for e.g. pcmk_release\n\n - pacemakerd: ignore shutdown requests from unprivileged\n users (CVE-2020-25654, bsc#1177916)\n\n - rpm: add spec option for enabling CIB secrets\n\n - rpm: put user-configurable items at top of spec\n\n - rpm: use the user/group ID 90 for haclient/hacluster to\n be consistent with cluster-glue (bsc#1167171)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177916\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected pacemaker packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cli-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-remote-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpacemaker-devel-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpacemaker3-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pacemaker-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pacemaker-cli-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pacemaker-cts-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pacemaker-debuginfo-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pacemaker-debugsource-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pacemaker-remote-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-lp151.2.16.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpacemaker-devel / libpacemaker3 / libpacemaker3-debuginfo / etc\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T00:47:09", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4623-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Pacemaker vulnerability (USN-4623-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2021-05-19T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:libcib-dev", "p-cpe:/a:canonical:ubuntu_linux:libcib27", "p-cpe:/a:canonical:ubuntu_linux:libcib4", "p-cpe:/a:canonical:ubuntu_linux:libcrmcluster-dev", "p-cpe:/a:canonical:ubuntu_linux:libcrmcluster29", "p-cpe:/a:canonical:ubuntu_linux:libcrmcluster4", "p-cpe:/a:canonical:ubuntu_linux:libcrmcommon-dev", "p-cpe:/a:canonical:ubuntu_linux:libcrmcommon3", "p-cpe:/a:canonical:ubuntu_linux:libcrmcommon34", "p-cpe:/a:canonical:ubuntu_linux:libcrmservice-dev", "p-cpe:/a:canonical:ubuntu_linux:libcrmservice28", "p-cpe:/a:canonical:ubuntu_linux:libcrmservice3", "p-cpe:/a:canonical:ubuntu_linux:liblrmd-dev", "p-cpe:/a:canonical:ubuntu_linux:liblrmd1", "p-cpe:/a:canonical:ubuntu_linux:liblrmd28", "p-cpe:/a:canonical:ubuntu_linux:libpacemaker1", "p-cpe:/a:canonical:ubuntu_linux:libpe-rules2", "p-cpe:/a:canonical:ubuntu_linux:libpe-rules26", "p-cpe:/a:canonical:ubuntu_linux:libpe-status10", "p-cpe:/a:canonical:ubuntu_linux:libpe-status28", "p-cpe:/a:canonical:ubuntu_linux:libpengine-dev", "p-cpe:/a:canonical:ubuntu_linux:libpengine10", "p-cpe:/a:canonical:ubuntu_linux:libstonithd-dev", "p-cpe:/a:canonical:ubuntu_linux:libstonithd2", "p-cpe:/a:canonical:ubuntu_linux:libstonithd26", "p-cpe:/a:canonical:ubuntu_linux:libtransitioner2", "p-cpe:/a:canonical:ubuntu_linux:pacemaker", "p-cpe:/a:canonical:ubuntu_linux:pacemaker-cli-utils", "p-cpe:/a:canonical:ubuntu_linux:pacemaker-common", "p-cpe:/a:canonical:ubuntu_linux:pacemaker-dev", "p-cpe:/a:canonical:ubuntu_linux:pacemaker-remote", "p-cpe:/a:canonical:ubuntu_linux:pacemaker-resource-agents"], "id": "UBUNTU_USN-4623-1.NASL", "href": "https://www.tenable.com/plugins/nessus/142729", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4623-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142729);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/19\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"USN\", value:\"4623-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Pacemaker vulnerability (USN-4623-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a\nvulnerability as referenced in the USN-4623-1 advisory. Note that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4623-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcib27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcib4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrmcluster-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrmcluster29\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrmcluster4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrmcommon-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrmcommon3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrmcommon34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrmservice-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrmservice28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrmservice3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblrmd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblrmd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblrmd28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpacemaker1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpe-rules2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpe-rules26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpe-status10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpe-status28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpengine-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpengine10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libstonithd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libstonithd2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libstonithd26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtransitioner2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pacemaker-cli-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pacemaker-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pacemaker-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pacemaker-resource-agents\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2021 Canonical, Inc. / NASL script (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'libcib-dev', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libcib4', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libcrmcluster-dev', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libcrmcluster4', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libcrmcommon-dev', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libcrmcommon3', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libcrmservice-dev', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libcrmservice3', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'liblrmd-dev', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'liblrmd1', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libpe-rules2', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libpe-status10', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libpengine-dev', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libpengine10', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libstonithd-dev', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libstonithd2', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'libtransitioner2', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'pacemaker', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'pacemaker-cli-utils', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'pacemaker-common', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'pacemaker-remote', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '16.04', 'pkgname': 'pacemaker-resource-agents', 'pkgver': '1.1.14-2ubuntu1.9'},\n {'osver': '18.04', 'pkgname': 'libcib-dev', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libcib4', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libcrmcluster-dev', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libcrmcluster4', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libcrmcommon-dev', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libcrmcommon3', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libcrmservice-dev', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libcrmservice3', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'liblrmd-dev', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'liblrmd1', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libpe-rules2', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libpe-status10', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libpengine-dev', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libpengine10', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libstonithd-dev', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libstonithd2', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'libtransitioner2', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'pacemaker', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'pacemaker-cli-utils', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'pacemaker-common', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'pacemaker-remote', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '18.04', 'pkgname': 'pacemaker-resource-agents', 'pkgver': '1.1.18-0ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'libcib-dev', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libcib27', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libcrmcluster-dev', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libcrmcluster29', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libcrmcommon-dev', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libcrmcommon34', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libcrmservice-dev', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libcrmservice28', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'liblrmd-dev', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'liblrmd28', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libpacemaker1', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libpe-rules26', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libpe-status28', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libpengine-dev', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libstonithd-dev', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'libstonithd26', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'pacemaker', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'pacemaker-cli-utils', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'pacemaker-common', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'pacemaker-dev', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'pacemaker-remote', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.04', 'pkgname': 'pacemaker-resource-agents', 'pkgver': '2.0.3-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'libcib27', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'libcrmcluster29', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'libcrmcommon34', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'libcrmservice28', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'liblrmd28', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'libpacemaker1', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'libpe-rules26', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'libpe-status28', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'libstonithd26', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'pacemaker', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'pacemaker-cli-utils', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'pacemaker-common', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'pacemaker-dev', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'pacemaker-remote', 'pkgver': '2.0.4-2ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'pacemaker-resource-agents', 'pkgver': '2.0.4-2ubuntu3.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libcib-dev / libcib27 / libcib4 / libcrmcluster-dev / libcrmcluster29 / etc');\n}", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:52:31", "description": "Ken Gaillot discovered a vulnerability in the Pacemaker cluster resource manager: If ACLs were configured for users in the 'haclient'group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with root privileges.\n\nIf the 'enable-acl' cluster option isn't enabled, members of the'haclient' group can modify Pacemaker's Cluster Information Base without restriction, which already gives them these capabilities, so there is no additional exposure in such a setup.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-17T00:00:00", "type": "nessus", "title": "Debian DSA-4791-1 : pacemaker - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:pacemaker", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4791.NASL", "href": "https://www.tenable.com/plugins/nessus/142920", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4791. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142920);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/09\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"DSA\", value:\"4791\");\n\n script_name(english:\"Debian DSA-4791-1 : pacemaker - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ken Gaillot discovered a vulnerability in the Pacemaker cluster\nresource manager: If ACLs were configured for users in the\n'haclient'group, the ACL restrictions could be bypassed via\nunrestricted IPC communication, resulting in cluster-wide arbitrary\ncode execution with root privileges.\n\nIf the 'enable-acl' cluster option isn't enabled, members of\nthe'haclient' group can modify Pacemaker's Cluster Information Base\nwithout restriction, which already gives them these capabilities, so\nthere is no additional exposure in such a setup.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/pacemaker\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/pacemaker\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4791\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the pacemaker packages.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.0.1-5+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libcib-dev\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcib27\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcrmcluster-dev\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcrmcluster29\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcrmcommon-dev\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcrmcommon34\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcrmservice-dev\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcrmservice28\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblrmd-dev\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblrmd28\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libpe-rules26\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libpe-status28\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libpengine-dev\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libpengine27\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libstonithd-dev\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libstonithd26\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libtransitioner25\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pacemaker\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pacemaker-cli-utils\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pacemaker-common\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pacemaker-dev\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pacemaker-doc\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pacemaker-remote\", reference:\"2.0.1-5+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pacemaker-resource-agents\", reference:\"2.0.1-5+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T00:54:10", "description": "This update for pacemaker fixes the following issues :\n\nUpdate to 2.0.4 :\n\n - based: use crm_exit to free qb-logging\n\n - cibsecret: don't use pssh -q option unless supported\n\n - crm_error: use g_free for a proper match\n\n - crm_mon: NULL output-pointer when buffer is freed\n\n - crm_resource: avoid unnecessary issus with dynamic allocation\n\n - crm_ticket: avoid unnecessary issues with dynamic allocation\n\n - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916)\n\n - fencer: avoid infinite loop if device is removed during operation\n\n - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916)\n\n - libcrmcommon: free basename after setting prgname\n\n - libcrmcommon: return ENOMEM directly instead of errno\n\n - libpe_status: Modify filtering of inactive resources.\n\n - libreplace: closedir when bailing out dir traversal\n\n - move bcond_with/without up front for e.g. pcmk_release\n\n - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916)\n\n - resources: attribute name parameter doesn't have to be unique\n\n - rpm: add spec option for enabling CIB secrets\n\n - rpm: put user-configurable items at top of spec\n\n - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171)\n\n - scheduler: Add the node name back to bundle instances.\n\n - silence some false positives static analysis stumbled over\n\n - tools: check resource separately from managing parameter in cibsecret\n\n - tools: free IPC memory after closing connection\n\n - tools: improve cibsecret help\n\n - tools: verify newly created CIB connection is not NULL\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pacemaker (openSUSE-2020-1782)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpacemaker-devel", "p-cpe:/a:novell:opensuse:libpacemaker3", "p-cpe:/a:novell:opensuse:libpacemaker3-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker", "p-cpe:/a:novell:opensuse:pacemaker-cli", "p-cpe:/a:novell:opensuse:pacemaker-cli-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker-cts", "p-cpe:/a:novell:opensuse:pacemaker-debuginfo", "p-cpe:/a:novell:opensuse:pacemaker-debugsource", "p-cpe:/a:novell:opensuse:pacemaker-remote", "p-cpe:/a:novell:opensuse:pacemaker-remote-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1782.NASL", "href": "https://www.tenable.com/plugins/nessus/142194", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1782.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142194);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/09\");\n\n script_cve_id(\"CVE-2020-25654\");\n\n script_name(english:\"openSUSE Security Update : pacemaker (openSUSE-2020-1782)\");\n script_summary(english:\"Check for the openSUSE-2020-1782 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for pacemaker fixes the following issues :\n\nUpdate to 2.0.4 :\n\n - based: use crm_exit to free qb-logging\n\n - cibsecret: don't use pssh -q option unless supported\n\n - crm_error: use g_free for a proper match\n\n - crm_mon: NULL output-pointer when buffer is freed\n\n - crm_resource: avoid unnecessary issus with dynamic\n allocation\n\n - crm_ticket: avoid unnecessary issues with dynamic\n allocation\n\n - executor: restrict certain IPC requests to Pacemaker\n daemons (CVE-2020-25654, bsc#1177916)\n\n - fencer: avoid infinite loop if device is removed during\n operation\n\n - fencer: restrict certain IPC requests to privileged\n users (CVE-2020-25654, bsc#1177916)\n\n - libcrmcommon: free basename after setting prgname\n\n - libcrmcommon: return ENOMEM directly instead of errno\n\n - libpe_status: Modify filtering of inactive resources.\n\n - libreplace: closedir when bailing out dir traversal\n\n - move bcond_with/without up front for e.g. pcmk_release\n\n - pacemakerd: ignore shutdown requests from unprivileged\n users (CVE-2020-25654, bsc#1177916)\n\n - resources: attribute name parameter doesn't have to be\n unique\n\n - rpm: add spec option for enabling CIB secrets\n\n - rpm: put user-configurable items at top of spec\n\n - rpm: use the user/group ID 90 for haclient/hacluster to\n be consistent with cluster-glue (bsc#1167171)\n\n - scheduler: Add the node name back to bundle instances.\n\n - silence some false positives static analysis stumbled\n over\n\n - tools: check resource separately from managing parameter\n in cibsecret\n\n - tools: free IPC memory after closing connection\n\n - tools: improve cibsecret help\n\n - tools: verify newly created CIB connection is not NULL\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177916\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected pacemaker packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpacemaker3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cli-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pacemaker-remote-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libpacemaker-devel-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libpacemaker3-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libpacemaker3-debuginfo-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pacemaker-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pacemaker-cli-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pacemaker-cli-debuginfo-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pacemaker-cts-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pacemaker-debuginfo-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pacemaker-debugsource-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pacemaker-remote-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"pacemaker-remote-debuginfo-2.0.4+20200616.2deceaa3a-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpacemaker-devel / libpacemaker3 / libpacemaker3-debuginfo / etc\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:51:32", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5453 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 7 : pacemaker (RHSA-2020:5453)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:pacemaker", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cli", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cts", "p-cpe:/a:redhat:enterprise_linux:pacemaker-doc", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel", "p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata", "p-cpe:/a:redhat:enterprise_linux:pacemaker-remote"], "id": "REDHAT-RHSA-2020-5453.NASL", "href": "https://www.tenable.com/plugins/nessus/144421", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5453. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144421);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"RHSA\", value:\"2020:5453\");\n\n script_name(english:\"RHEL 7 : pacemaker (RHSA-2020:5453)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5453 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5453\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888191\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(284);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'pacemaker-1.1.23-1.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-cli-1.1.23-1.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-cli-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-cluster-libs-1.1.23-1.el7_9.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-cluster-libs-1.1.23-1.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-cluster-libs-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-cts-1.1.23-1.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-cts-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-doc-1.1.23-1.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-doc-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-libs-1.1.23-1.el7_9.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-libs-1.1.23-1.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-libs-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-libs-devel-1.1.23-1.el7_9.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-libs-devel-1.1.23-1.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-libs-devel-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-remote-1.1.23-1.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'pacemaker-remote-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker / pacemaker-cli / pacemaker-cluster-libs / pacemaker-cts / etc');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:51:33", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5487 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 8 : pacemaker (RHSA-2020:5487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:pacemaker", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cli", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cts", "p-cpe:/a:redhat:enterprise_linux:pacemaker-doc", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel", "p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata", "p-cpe:/a:redhat:enterprise_linux:pacemaker-remote", "p-cpe:/a:redhat:enterprise_linux:pacemaker-schemas"], "id": "REDHAT-RHSA-2020-5487.NASL", "href": "https://www.tenable.com/plugins/nessus/144392", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5487. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144392);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"RHSA\", value:\"2020:5487\");\n\n script_name(english:\"RHEL 8 : pacemaker (RHSA-2020:5487)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5487 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888191\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(284);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-schemas\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'pacemaker-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-2.0.4-6.el8_3.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-cli-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-cli-2.0.4-6.el8_3.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-cli-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-cluster-libs-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-cluster-libs-2.0.4-6.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-cluster-libs-2.0.4-6.el8_3.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-cluster-libs-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-cts-2.0.4-6.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-doc-2.0.4-6.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-libs-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-libs-2.0.4-6.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-libs-2.0.4-6.el8_3.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-libs-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-libs-devel-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-libs-devel-2.0.4-6.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-libs-devel-2.0.4-6.el8_3.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-libs-devel-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-nagios-plugins-metadata-2.0.4-6.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-remote-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-remote-2.0.4-6.el8_3.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-remote-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'pacemaker-schemas-2.0.4-6.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker / pacemaker-cli / pacemaker-cluster-libs / pacemaker-cts / etc');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-03-19T19:58:10", "description": "The update of pacemaker released as DLA-2447-1 caused a regression when the communication between the Corosync cluster engine and pacemaker takes place. A permission problem prevents IPC requests between cluster nodes. The patch for CVE-2020-25654 has been reverted until a better solution can be found.\n\nFor Debian 9 stretch, this problem has been fixed in version 1.1.16-1+deb9u2.\n\nWe recommend that you upgrade your pacemaker packages.\n\nFor the detailed security status of pacemaker please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/pacemaker\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Debian DLA-2447-2 : pacemaker regression update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2020-11-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcib-dev", "p-cpe:/a:debian:debian_linux:libcib4", "p-cpe:/a:debian:debian_linux:libcrmcluster-dev", "p-cpe:/a:debian:debian_linux:libcrmcluster4", "p-cpe:/a:debian:debian_linux:libcrmcommon-dev", "p-cpe:/a:debian:debian_linux:libcrmcommon3", "p-cpe:/a:debian:debian_linux:libcrmservice-dev", "p-cpe:/a:debian:debian_linux:libcrmservice3", "p-cpe:/a:debian:debian_linux:liblrmd-dev", "p-cpe:/a:debian:debian_linux:liblrmd1", "p-cpe:/a:debian:debian_linux:libpe-rules2", "p-cpe:/a:debian:debian_linux:libpe-status10", "p-cpe:/a:debian:debian_linux:libpengine-dev", "p-cpe:/a:debian:debian_linux:libpengine10", "p-cpe:/a:debian:debian_linux:libstonithd-dev", "p-cpe:/a:debian:debian_linux:libstonithd2", "p-cpe:/a:debian:debian_linux:libtransitioner2", "p-cpe:/a:debian:debian_linux:pacemaker", "p-cpe:/a:debian:debian_linux:pacemaker-cli-utils", "p-cpe:/a:debian:debian_linux:pacemaker-common", "p-cpe:/a:debian:debian_linux:pacemaker-doc", "p-cpe:/a:debian:debian_linux:pacemaker-remote", "p-cpe:/a:debian:debian_linux:pacemaker-resource-agents", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2447.NASL", "href": "https://www.tenable.com/plugins/nessus/142832", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2447-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142832);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/18\");\n\n script_name(english:\"Debian DLA-2447-2 : pacemaker regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The update of pacemaker released as DLA-2447-1 caused a regression\nwhen the communication between the Corosync cluster engine and\npacemaker takes place. A permission problem prevents IPC requests\nbetween cluster nodes. The patch for CVE-2020-25654 has been reverted\nuntil a better solution can be found.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.1.16-1+deb9u2.\n\nWe recommend that you upgrade your pacemaker packages.\n\nFor the detailed security status of pacemaker please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/pacemaker\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/11/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/pacemaker\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/pacemaker\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcib4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmcluster-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmcluster4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmcommon-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmcommon3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmservice-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrmservice3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblrmd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblrmd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpe-rules2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpe-status10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpengine-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpengine10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libstonithd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libstonithd2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtransitioner2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker-cli-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pacemaker-resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libcib-dev\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcib4\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmcluster-dev\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmcluster4\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmcommon-dev\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmcommon3\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmservice-dev\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcrmservice3\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"liblrmd-dev\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"liblrmd1\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpe-rules2\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpe-status10\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpengine-dev\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpengine10\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libstonithd-dev\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libstonithd2\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libtransitioner2\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker-cli-utils\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker-common\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker-doc\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker-remote\", reference:\"1.1.16-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"pacemaker-resource-agents\", reference:\"1.1.16-1+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-19T00:45:14", "description": "The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2020:5453-1 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : pacemaker on SL7.x i686/x86_64 (2020:5453)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-16T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:pacemaker", "p-cpe:/a:fermilab:scientific_linux:pacemaker-cli", "p-cpe:/a:fermilab:scientific_linux:pacemaker-cluster-libs", "p-cpe:/a:fermilab:scientific_linux:pacemaker-cts", "p-cpe:/a:fermilab:scientific_linux:pacemaker-debuginfo", "p-cpe:/a:fermilab:scientific_linux:pacemaker-doc", "p-cpe:/a:fermilab:scientific_linux:pacemaker-libs", "p-cpe:/a:fermilab:scientific_linux:pacemaker-libs-devel", "p-cpe:/a:fermilab:scientific_linux:pacemaker-nagios-plugins-metadata", "p-cpe:/a:fermilab:scientific_linux:pacemaker-remote"], "id": "SL_20201215_PACEMAKER_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/144297", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144297);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/16\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"RHSA\", value:\"RHSA-2020:5453\");\n\n script_name(english:\"Scientific Linux Security Update : pacemaker on SL7.x i686/x86_64 (2020:5453)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nSLSA-2020:5453-1 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20205453-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pacemaker-remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'pacemaker-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'pacemaker-cli-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'pacemaker-cluster-libs-1.1.23-1.el7_9.1', 'cpu':'i686', 'release':'SL7'},\n {'reference':'pacemaker-cluster-libs-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'pacemaker-cts-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'pacemaker-debuginfo-1.1.23-1.el7_9.1', 'cpu':'i686', 'release':'SL7'},\n {'reference':'pacemaker-debuginfo-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'pacemaker-doc-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'pacemaker-libs-1.1.23-1.el7_9.1', 'cpu':'i686', 'release':'SL7'},\n {'reference':'pacemaker-libs-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'pacemaker-libs-devel-1.1.23-1.el7_9.1', 'cpu':'i686', 'release':'SL7'},\n {'reference':'pacemaker-libs-devel-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'pacemaker-remote-1.1.23-1.el7_9.1', 'cpu':'x86_64', 'release':'SL7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker / pacemaker-cli / pacemaker-cluster-libs / etc');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:53:09", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5423 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "RHEL 8 : pacemaker (RHSA-2020:5423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:pacemaker", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cli", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs", "p-cpe:/a:redhat:enterprise_linux:pacemaker-cts", "p-cpe:/a:redhat:enterprise_linux:pacemaker-doc", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs", "p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel", "p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata", "p-cpe:/a:redhat:enterprise_linux:pacemaker-remote", "p-cpe:/a:redhat:enterprise_linux:pacemaker-schemas"], "id": "REDHAT-RHSA-2020-5423.NASL", "href": "https://www.tenable.com/plugins/nessus/144274", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5423. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144274);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"RHSA\", value:\"2020:5423\");\n\n script_name(english:\"RHEL 8 : pacemaker (RHSA-2020:5423)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5423 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888191\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(284);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pacemaker-schemas\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_aus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_2_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_2_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_2_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_2'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'pacemaker-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-cli-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-cli-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-cli-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-cluster-libs-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-cluster-libs-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-cluster-libs-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-cluster-libs-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-cts-2.0.3-5.el8_2.3', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-doc-2.0.3-5.el8_2.3', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-libs-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-libs-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-libs-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-libs-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-libs-devel-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-libs-devel-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-libs-devel-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-libs-devel-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-nagios-plugins-metadata-2.0.3-5.el8_2.3', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-remote-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-remote-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-remote-2.0.3-5.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'pacemaker-schemas-2.0.3-5.el8_2.3', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker / pacemaker-cli / pacemaker-cluster-libs / pacemaker-cts / etc');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:53:30", "description": "- Wed Nov 18 2020 Klaus Wenninger <kwenning@redhat.com> - 2.0.5-0.7.rc3\n\n - a little more syncing with upstream spec-file\n\n - Tue Nov 17 2020 Klaus Wenninger <kwenning@redhat.com> - 2.0.5-0.6.rc3\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pa cemaker-2.0.5-rc3\n\n - Corosync in Fedora now provides corosync-devel as well in isa-flavor\n\n - Sun Nov 1 2020 Klaus Wenninger <kwenning@redhat.com> - 2.0.5-0.5.rc2\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pa cemaker-2.0.5-rc2\n\n - Remove dependencies to nagios-plugins from metadata-package\n\n - some sync with structure of upstream spec-file\n\n - removed some legacy conditionals\n\n - added with-cibsecrets\n\n - enable some basic gating-tests\n\n - remove building documentation using publican from ELN\n\n - rename doc-dir for ELN\n\n----\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pa cemaker-2.0.5-rc2\n\n - Remove dependencies to nagios-plugins from metadata-package\n\n - some sync with structure of upstream spec-file\n\n - removed some legacy conditionals\n\n - added with-cibsecrets\n\n - enable some basic gating-tests\n\n - remove building documentation using publican from ELN\n\n - rename doc-dir for ELN\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "Fedora 32 : pacemaker (2020-2cbe0089e2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pacemaker", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-2CBE0089E2.NASL", "href": "https://www.tenable.com/plugins/nessus/143325", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-2cbe0089e2.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143325);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/09\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"FEDORA\", value:\"2020-2cbe0089e2\");\n\n script_name(english:\"Fedora 32 : pacemaker (2020-2cbe0089e2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\" - Wed Nov 18 2020 Klaus Wenninger <kwenning@redhat.com> -\n 2.0.5-0.7.rc3\n\n - a little more syncing with upstream spec-file\n\n - Tue Nov 17 2020 Klaus Wenninger <kwenning@redhat.com> -\n 2.0.5-0.6.rc3\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc3 for full details, see included\n ChangeLog file or\n https://github.com/ClusterLabs/pacemaker/releases/tag/Pa\n cemaker-2.0.5-rc3\n\n - Corosync in Fedora now provides corosync-devel as well\n in isa-flavor\n\n - Sun Nov 1 2020 Klaus Wenninger <kwenning@redhat.com> -\n 2.0.5-0.5.rc2\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for\n full details, see included ChangeLog file or\n https://github.com/ClusterLabs/pacemaker/releases/tag/Pa\n cemaker-2.0.5-rc2\n\n - Remove dependencies to nagios-plugins from\n metadata-package\n\n - some sync with structure of upstream spec-file\n\n - removed some legacy conditionals\n\n - added with-cibsecrets\n\n - enable some basic gating-tests\n\n - remove building documentation using publican from ELN\n\n - rename doc-dir for ELN\n\n----\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for\n full details, see included ChangeLog file or\n https://github.com/ClusterLabs/pacemaker/releases/tag/Pa\n cemaker-2.0.5-rc2\n\n - Remove dependencies to nagios-plugins from\n metadata-package\n\n - some sync with structure of upstream spec-file\n\n - removed some legacy conditionals\n\n - added with-cibsecrets\n\n - enable some basic gating-tests\n\n - remove building documentation using publican from ELN\n\n - rename doc-dir for ELN\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-2cbe0089e2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected pacemaker package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"pacemaker-2.0.5-0.7.rc3.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:52:32", "description": "** Wed Nov 18 2020 Klaus Wenninger <kwenning@redhat.com> - 2.0.5-0.7.rc3 **\n\n - a little more syncing with upstream spec-file\n\n** Tue Nov 17 2020 Klaus Wenninger <kwenning@redhat.com> - 2.0.5-0.6.rc3 **\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pa cemaker-2.0.5-rc3\n\n - Corosync in Fedora now provides corosync-devel as well in isa-flavor\n\n** Sun Nov 1 2020 Klaus Wenninger <kwenning@redhat.com> - 2.0.5-0.5.rc2 **\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pa cemaker-2.0.5-rc2\n\n - Remove dependencies to nagios-plugins from metadata-package\n\n - some sync with structure of upstream spec-file\n\n - removed some legacy conditionals\n\n - added with-cibsecrets\n\n - enable some basic gating-tests\n\n - remove building documentation using publican from ELN\n\n - rename doc-dir for ELN\n\n----\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pa cemaker-2.0.5-rc2\n\n - Remove dependencies to nagios-plugins from metadata-package\n\n - some sync with structure of upstream spec-file\n\n - removed some legacy conditionals\n\n - added with-cibsecrets\n\n - enable some basic gating-tests\n\n - remove building documentation using publican from ELN\n\n - rename doc-dir for ELN\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "Fedora 33 : pacemaker (2020-3d0e38b9e7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pacemaker", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-3D0E38B9E7.NASL", "href": "https://www.tenable.com/plugins/nessus/143356", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-3d0e38b9e7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143356);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/09\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"FEDORA\", value:\"2020-3d0e38b9e7\");\n\n script_name(english:\"Fedora 33 : pacemaker (2020-3d0e38b9e7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"** Wed Nov 18 2020 Klaus Wenninger <kwenning@redhat.com> -\n2.0.5-0.7.rc3 **\n\n - a little more syncing with upstream spec-file\n\n** Tue Nov 17 2020 Klaus Wenninger <kwenning@redhat.com> -\n2.0.5-0.6.rc3 **\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc3 for full details, see included\n ChangeLog file or\n https://github.com/ClusterLabs/pacemaker/releases/tag/Pa\n cemaker-2.0.5-rc3\n\n - Corosync in Fedora now provides corosync-devel as well\n in isa-flavor\n\n** Sun Nov 1 2020 Klaus Wenninger <kwenning@redhat.com> -\n2.0.5-0.5.rc2 **\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for\n full details, see included ChangeLog file or\n https://github.com/ClusterLabs/pacemaker/releases/tag/Pa\n cemaker-2.0.5-rc2\n\n - Remove dependencies to nagios-plugins from\n metadata-package\n\n - some sync with structure of upstream spec-file\n\n - removed some legacy conditionals\n\n - added with-cibsecrets\n\n - enable some basic gating-tests\n\n - remove building documentation using publican from ELN\n\n - rename doc-dir for ELN\n\n----\n\n - Update for new upstream tarball for release candidate:\n Pacemaker-2.0.5-rc2, includes fix for CVE-2020-25654 for\n full details, see included ChangeLog file or\n https://github.com/ClusterLabs/pacemaker/releases/tag/Pa\n cemaker-2.0.5-rc2\n\n - Remove dependencies to nagios-plugins from\n metadata-package\n\n - some sync with structure of upstream spec-file\n\n - removed some legacy conditionals\n\n - added with-cibsecrets\n\n - enable some basic gating-tests\n\n - remove building documentation using publican from ELN\n\n - rename doc-dir for ELN\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-3d0e38b9e7\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected pacemaker package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"pacemaker-2.0.5-0.7.rc3.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T11:37:49", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:5487 advisory.\n\n - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : pacemaker (ALSA-2020:5487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:pacemaker", "p-cpe:/a:alma:linux:pacemaker-cli", "p-cpe:/a:alma:linux:pacemaker-cts", "p-cpe:/a:alma:linux:pacemaker-doc", "p-cpe:/a:alma:linux:pacemaker-libs-devel", "p-cpe:/a:alma:linux:pacemaker-nagios-plugins-metadata", "p-cpe:/a:alma:linux:pacemaker-remote", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2020-5487.NASL", "href": "https://www.tenable.com/plugins/nessus/157552", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2020:5487.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157552);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"ALSA\", value:\"2020:5487\");\n\n script_name(english:\"AlmaLinux 8 : pacemaker (ALSA-2020:5487)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2020:5487 advisory.\n\n - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the\n haclient group could use IPC communication with various daemons directly to perform certain tasks that\n they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2020-5487.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'pacemaker-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-cli-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-cts-2.0.4-6.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-doc-2.0.4-6.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-libs-devel-2.0.4-6.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-libs-devel-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-nagios-plugins-metadata-2.0.4-6.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-remote-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker / pacemaker-cli / pacemaker-cts / pacemaker-doc / etc');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:45:54", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pacemaker packages installed that are affected by a vulnerability:\n\n - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : pacemaker Vulnerability (NS-SA-2021-0021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2021-03-11T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0021_PACEMAKER.NASL", "href": "https://www.tenable.com/plugins/nessus/147326", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0021. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147326);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2020-25654\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : pacemaker Vulnerability (NS-SA-2021-0021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pacemaker packages installed that are affected\nby a vulnerability:\n\n - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the\n haclient group could use IPC communication with various daemons directly to perform certain tasks that\n they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0021\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL pacemaker packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'pacemaker-1.1.23-1.el7_9.1',\n 'pacemaker-cli-1.1.23-1.el7_9.1',\n 'pacemaker-cluster-libs-1.1.23-1.el7_9.1',\n 'pacemaker-cts-1.1.23-1.el7_9.1',\n 'pacemaker-doc-1.1.23-1.el7_9.1',\n 'pacemaker-libs-1.1.23-1.el7_9.1',\n 'pacemaker-libs-devel-1.1.23-1.el7_9.1',\n 'pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1',\n 'pacemaker-remote-1.1.23-1.el7_9.1'\n ],\n 'CGSL MAIN 5.04': [\n 'pacemaker-1.1.23-1.el7_9.1',\n 'pacemaker-cli-1.1.23-1.el7_9.1',\n 'pacemaker-cluster-libs-1.1.23-1.el7_9.1',\n 'pacemaker-cts-1.1.23-1.el7_9.1',\n 'pacemaker-doc-1.1.23-1.el7_9.1',\n 'pacemaker-libs-1.1.23-1.el7_9.1',\n 'pacemaker-libs-devel-1.1.23-1.el7_9.1',\n 'pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1',\n 'pacemaker-remote-1.1.23-1.el7_9.1'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:48:39", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:5487 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : pacemaker (CESA-2020:5487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:pacemaker", "p-cpe:/a:centos:centos:pacemaker-cli", "p-cpe:/a:centos:centos:pacemaker-cluster-libs", "p-cpe:/a:centos:centos:pacemaker-cts", "p-cpe:/a:centos:centos:pacemaker-doc", "p-cpe:/a:centos:centos:pacemaker-libs", "p-cpe:/a:centos:centos:pacemaker-libs-devel", "p-cpe:/a:centos:centos:pacemaker-nagios-plugins-metadata", "p-cpe:/a:centos:centos:pacemaker-remote", "p-cpe:/a:centos:centos:pacemaker-schemas"], "id": "CENTOS8_RHSA-2020-5487.NASL", "href": "https://www.tenable.com/plugins/nessus/145894", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:5487. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145894);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"RHSA\", value:\"2020:5487\");\n\n script_name(english:\"CentOS 8 : pacemaker (CESA-2020:5487)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:5487 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5487\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-schemas\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'pacemaker-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-cli-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-cli-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-cluster-libs-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-cluster-libs-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-cts-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-cts-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-doc-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-doc-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-libs-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-libs-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-libs-devel-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-libs-devel-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-nagios-plugins-metadata-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-nagios-plugins-metadata-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-remote-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-remote-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-schemas-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pacemaker-schemas-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker / pacemaker-cli / pacemaker-cluster-libs / pacemaker-cts / etc');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:51:40", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5487 advisory.\n\n - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-23T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : pacemaker (ELSA-2020-5487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-24T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:pacemaker-cluster-libs", "p-cpe:/a:oracle:linux:pacemaker-libs", "p-cpe:/a:oracle:linux:pacemaker-schemas"], "id": "ORACLELINUX_ELSA-2020-5487.NASL", "href": "https://www.tenable.com/plugins/nessus/144563", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5487.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144563);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/24\");\n\n script_cve_id(\"CVE-2020-25654\");\n\n script_name(english:\"Oracle Linux 8 : pacemaker (ELSA-2020-5487)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-5487 advisory.\n\n - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the\n haclient group could use IPC communication with various daemons directly to perform certain tasks that\n they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5487.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pacemaker-cluster-libs, pacemaker-libs and / or pacemaker-schemas packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pacemaker-schemas\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'pacemaker-cluster-libs-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'pacemaker-cluster-libs-2.0.4-6.el8_3.1', 'cpu':'i686', 'release':'8'},\n {'reference':'pacemaker-cluster-libs-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'pacemaker-libs-2.0.4-6.el8_3.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'pacemaker-libs-2.0.4-6.el8_3.1', 'cpu':'i686', 'release':'8'},\n {'reference':'pacemaker-libs-2.0.4-6.el8_3.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'pacemaker-schemas-2.0.4-6.el8_3.1', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker-cluster-libs / pacemaker-libs / pacemaker-schemas');\n}", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:51:40", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1583 advisory.\n\n - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-07T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : pacemaker (ALAS-2021-1583)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2021-01-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:pacemaker", "p-cpe:/a:amazon:linux:pacemaker-cli", "p-cpe:/a:amazon:linux:pacemaker-cluster-libs", "p-cpe:/a:amazon:linux:pacemaker-cts", "p-cpe:/a:amazon:linux:pacemaker-debuginfo", "p-cpe:/a:amazon:linux:pacemaker-doc", "p-cpe:/a:amazon:linux:pacemaker-libs", "p-cpe:/a:amazon:linux:pacemaker-libs-devel", "p-cpe:/a:amazon:linux:pacemaker-nagios-plugins-metadata", "p-cpe:/a:amazon:linux:pacemaker-remote", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1583.NASL", "href": "https://www.tenable.com/plugins/nessus/144796", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1583.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144796);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/07\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"ALAS\", value:\"2021-1583\");\n\n script_name(english:\"Amazon Linux 2 : pacemaker (ALAS-2021-1583)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2021-1583 advisory.\n\n - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the\n haclient group could use IPC communication with various daemons directly to perform certain tasks that\n they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1583.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25654\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update pacemaker' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'pacemaker-1.1.23-1.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'pacemaker-1.1.23-1.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'pacemaker-1.1.23-1.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'pacemaker-cli-1.1.23-1.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'pacemaker-cli-1.1.23-1.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'pacemaker-cli-1.1.23-1.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'pacemaker-cluster-libs-1.1.23-1.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'pacemaker-cluster-libs-1.1.23-1.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'pacemaker-cluster-libs-1.1.23-1.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'pacemaker-cts-1.1.23-1.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'pacemaker-cts-1.1.23-1.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'pacemaker-cts-1.1.23-1.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'pacemaker-debuginfo-1.1.23-1.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'pacemaker-debuginfo-1.1.23-1.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'pacemaker-debuginfo-1.1.23-1.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'pacemaker-doc-1.1.23-1.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'pacemaker-doc-1.1.23-1.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'pacemaker-doc-1.1.23-1.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'pacemaker-libs-1.1.23-1.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'pacemaker-libs-1.1.23-1.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'pacemaker-libs-1.1.23-1.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'pacemaker-libs-devel-1.1.23-1.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'pacemaker-libs-devel-1.1.23-1.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'pacemaker-libs-devel-1.1.23-1.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'pacemaker-nagios-plugins-metadata-1.1.23-1.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'pacemaker-nagios-plugins-metadata-1.1.23-1.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'pacemaker-nagios-plugins-metadata-1.1.23-1.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'pacemaker-remote-1.1.23-1.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'pacemaker-remote-1.1.23-1.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'pacemaker-remote-1.1.23-1.amzn2.1', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pacemaker / pacemaker-cli / pacemaker-cluster-libs / etc\");\n}", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:52:10", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:5453 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "CentOS 7 : pacemaker (CESA-2020:5453)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:centos:centos:pacemaker", "p-cpe:/a:centos:centos:pacemaker-cli", "p-cpe:/a:centos:centos:pacemaker-cluster-libs", "p-cpe:/a:centos:centos:pacemaker-cts", "p-cpe:/a:centos:centos:pacemaker-doc", "p-cpe:/a:centos:centos:pacemaker-libs", "p-cpe:/a:centos:centos:pacemaker-libs-devel", "p-cpe:/a:centos:centos:pacemaker-nagios-plugins-metadata", "p-cpe:/a:centos:centos:pacemaker-remote", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-5453.NASL", "href": "https://www.tenable.com/plugins/nessus/144974", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5453 and\n# CentOS Errata and Security Advisory 2020:5453 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144974);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2020-25654\");\n script_xref(name:\"RHSA\", value:\"2020:5453\");\n\n script_name(english:\"CentOS 7 : pacemaker (CESA-2020:5453)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:5453 advisory.\n\n - pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2020-December/048222.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4f778f17\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(284);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'pacemaker-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'pacemaker-cli-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'pacemaker-cluster-libs-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'pacemaker-cluster-libs-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'pacemaker-cts-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'pacemaker-doc-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'pacemaker-libs-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'pacemaker-libs-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'pacemaker-libs-devel-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'pacemaker-libs-devel-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'pacemaker-remote-1.1.23-1.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker / pacemaker-cli / pacemaker-cluster-libs / etc');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T11:44:11", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has pacemaker packages installed that are affected by a vulnerability:\n\n - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : pacemaker Vulnerability (NS-SA-2021-0160)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25654"], "modified": "2021-10-28T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:pacemaker", "p-cpe:/a:zte:cgsl_core:pacemaker-cli", "p-cpe:/a:zte:cgsl_core:pacemaker-cluster-libs", "p-cpe:/a:zte:cgsl_core:pacemaker-cts", "p-cpe:/a:zte:cgsl_core:pacemaker-doc", "p-cpe:/a:zte:cgsl_core:pacemaker-libs", "p-cpe:/a:zte:cgsl_core:pacemaker-libs-devel", "p-cpe:/a:zte:cgsl_core:pacemaker-nagios-plugins-metadata", "p-cpe:/a:zte:cgsl_core:pacemaker-remote", "p-cpe:/a:zte:cgsl_main:pacemaker", "p-cpe:/a:zte:cgsl_main:pacemaker-cli", "p-cpe:/a:zte:cgsl_main:pacemaker-cluster-libs", "p-cpe:/a:zte:cgsl_main:pacemaker-cts", "p-cpe:/a:zte:cgsl_main:pacemaker-doc", "p-cpe:/a:zte:cgsl_main:pacemaker-libs", "p-cpe:/a:zte:cgsl_main:pacemaker-libs-devel", "p-cpe:/a:zte:cgsl_main:pacemaker-nagios-plugins-metadata", "p-cpe:/a:zte:cgsl_main:pacemaker-remote", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0160_PACEMAKER.NASL", "href": "https://www.tenable.com/plugins/nessus/154616", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0160. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154616);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/28\");\n\n script_cve_id(\"CVE-2020-25654\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : pacemaker Vulnerability (NS-SA-2021-0160)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has pacemaker packages installed that are affected\nby a vulnerability:\n\n - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the\n haclient group could use IPC communication with various daemons directly to perform certain tasks that\n they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0160\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25654\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL pacemaker packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:pacemaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:pacemaker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:pacemaker-cluster-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:pacemaker-cts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:pacemaker-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:pacemaker-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:pacemaker-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:pacemaker-nagios-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:pacemaker-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'pacemaker-1.1.23-1.el7_9.1',\n 'pacemaker-cli-1.1.23-1.el7_9.1',\n 'pacemaker-cluster-libs-1.1.23-1.el7_9.1',\n 'pacemaker-cts-1.1.23-1.el7_9.1',\n 'pacemaker-doc-1.1.23-1.el7_9.1',\n 'pacemaker-libs-1.1.23-1.el7_9.1',\n 'pacemaker-libs-devel-1.1.23-1.el7_9.1',\n 'pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1',\n 'pacemaker-remote-1.1.23-1.el7_9.1'\n ],\n 'CGSL MAIN 5.05': [\n 'pacemaker-1.1.23-1.el7_9.1',\n 'pacemaker-cli-1.1.23-1.el7_9.1',\n 'pacemaker-cluster-libs-1.1.23-1.el7_9.1',\n 'pacemaker-cts-1.1.23-1.el7_9.1',\n 'pacemaker-doc-1.1.23-1.el7_9.1',\n 'pacemaker-libs-1.1.23-1.el7_9.1',\n 'pacemaker-libs-devel-1.1.23-1.el7_9.1',\n 'pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1',\n 'pacemaker-remote-1.1.23-1.el7_9.1'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pacemaker');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-31T16:47:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for pacemaker (openSUSE-SU-2019:1342-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852482", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852482", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852482\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-09 02:00:55 +0000 (Thu, 09 May 2019)\");\n script_name(\"openSUSE: Security Advisory for pacemaker (openSUSE-SU-2019:1342-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1342-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pacemaker'\n package(s) announced via the openSUSE-SU-2019:1342-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for pacemaker fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-16877: Fixed a local privilege escalation through insufficient\n IPC client-server authentication. (bsc#1131356)\n\n - CVE-2018-16878: Fixed a denial of service through insufficient\n verification inflicted preference of uncontrolled processes.\n (bsc#1131353)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1342=1\");\n\n script_tag(name:\"affected\", value:\"'pacemaker' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libpacemaker-devel\", rpm:\"libpacemaker-devel~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpacemaker3\", rpm:\"libpacemaker3~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpacemaker3-debuginfo\", rpm:\"libpacemaker3-debuginfo~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker\", rpm:\"pacemaker~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-cli\", rpm:\"pacemaker-cli~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-cli-debuginfo\", rpm:\"pacemaker-cli-debuginfo~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-cts\", rpm:\"pacemaker-cts~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-cts-debuginfo\", rpm:\"pacemaker-cts-debuginfo~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-debuginfo\", rpm:\"pacemaker-debuginfo~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-debugsource\", rpm:\"pacemaker-debugsource~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-remote\", rpm:\"pacemaker-remote~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-remote-debuginfo\", rpm:\"pacemaker-remote-debuginfo~1.1.16~4.12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-24T00:00:00", "type": "openvas", "title": "Ubuntu Update for pacemaker USN-3952-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-04-25T00:00:00", "id": "OPENVAS:1361412562310843983", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843983", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843983\");\n script_version(\"2019-04-25T10:19:44+0000\");\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-04-25 10:19:44 +0000 (Thu, 25 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-24 02:00:54 +0000 (Wed, 24 Apr 2019)\");\n script_name(\"Ubuntu Update for pacemaker USN-3952-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU18\\.10|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3952-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-April/004859.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pacemaker'\n package(s) announced via the USN-3952-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Jan Pokorn\u00fd discovered that Pacemaker incorrectly handled client-server\nauthentication. A local attacker could possibly use this issue to escalate\nprivileges. (CVE-2018-16877)\n\nJan Pokorn\u00fd discovered that Pacemaker incorrectly handled certain\nverifications. A local attacker could possibly use this issue to cause a\ndenial of service. (CVE-2018-16878)\n\nJan Pokorn\u00fd discovered that Pacemaker incorrectly handled certain memory\noperations. A local attacker could possibly use this issue to obtain\nsensitive information in log outputs. This issue only applied to Ubuntu\n18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3885)\");\n\n script_tag(name:\"affected\", value:\"'pacemaker' package(s) on Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"pacemaker\", ver:\"1.1.18-0ubuntu1.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"pacemaker\", ver:\"1.1.18-2ubuntu1.18.10.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"pacemaker\", ver:\"1.1.14-2ubuntu1.6\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:16", "description": "The remote host is missing an update for\n the ", "cvss3": {}, "published": "2019-05-04T00:00:00", "type": "openvas", "title": "Fedora Update for pacemaker FEDORA-2019-e71f6f36ac", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310875590", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875590", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875590\");\n script_version(\"2019-05-10T12:05:36+0000\");\n script_cve_id(\"CVE-2019-3885\", \"CVE-2018-16877\", \"CVE-2018-16878\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 12:05:36 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-04 02:10:45 +0000 (Sat, 04 May 2019)\");\n script_name(\"Fedora Update for pacemaker FEDORA-2019-e71f6f36ac\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e71f6f36ac\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'pacemaker' package(s) announced via the FEDORA-2019-e71f6f36ac advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Pacemaker is an advanced, scalable High-Availability\n cluster resource manager for Corosync, CMAN and/or Linux-HA.\n\nIt supports more than 16 node clusters with significant capabilities\nfor managing resources and dependencies.\n\nIt will run scripts at initialization, when machines go up or down,\nwhen related resources fail and can be configured to periodically check\nresource health.\n\nAvailable rpmbuild rebuild options:\n\n - -with(out) : coverage doc hardening pre_release profiling\");\n\n script_tag(name:\"affected\", value:\"'pacemaker' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker\", rpm:\"pacemaker~1.1.18~3.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for pacemaker FEDORA-2019-b502250ba4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875750", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875750", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875750\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-3885\", \"CVE-2018-16877\", \"CVE-2018-16878\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:19:12 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for pacemaker FEDORA-2019-b502250ba4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b502250ba4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pacemaker'\n package(s) announced via the FEDORA-2019-b502250ba4 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Pacemaker is an advanced, scalable High-Availability cluster resource\nmanager.\n\nIt supports more than 16 node clusters with significant capabilities\nfor managing resources and dependencies.\n\nIt will run scripts at initialization, when machines go up or down,\nwhen related resources fail and can be configured to periodically check\nresource health.\n\nAvailable rpmbuild rebuild options:\n\n - -with(out) : coverage doc hardening pre_release profiling\");\n\n script_tag(name:\"affected\", value:\"'pacemaker' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker\", rpm:\"pacemaker~2.0.0~5.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T16:54:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-16T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for pacemaker (openSUSE-SU-2019:1400-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852499", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852499", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852499\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-16877\", \"CVE-2018-16878\", \"CVE-2019-3885\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:30 +0000 (Thu, 16 May 2019)\");\n script_name(\"openSUSE: Security Advisory for pacemaker (openSUSE-SU-2019:1400-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1400-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pacemaker'\n package(s) announced via the openSUSE-SU-2019:1400-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for pacemaker fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3885: Fixed an information disclosure in log output.\n (bsc#1131357)\n\n - CVE-2018-16877: Fixed a local privilege escalation through insufficient\n IPC client-server authentication. (bsc#1131356)\n\n - CVE-2018-16878: Fixed a denial of service through insufficient\n verification inflicted preference of uncontrolled processes.\n (bsc#1131353)\n\n Non-security issue fixed:\n\n - crmd: delete resource from lrmd when appropriate to avoid timeouts with\n crmsh (bsc#1117381).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1400=1\");\n\n script_tag(name:\"affected\", value:\"'pacemaker' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libpacemaker-devel\", rpm:\"libpacemaker-devel~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpacemaker3\", rpm:\"libpacemaker3~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpacemaker3-debuginfo\", rpm:\"libpacemaker3-debuginfo~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker\", rpm:\"pacemaker~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-cli\", rpm:\"pacemaker-cli~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-cli-debuginfo\", rpm:\"pacemaker-cli-debuginfo~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-debuginfo\", rpm:\"pacemaker-debuginfo~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-debugsource\", rpm:\"pacemaker-debugsource~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-remote\", rpm:\"pacemaker-remote~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-remote-debuginfo\", rpm:\"pacemaker-remote-debuginfo~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pacemaker-cts\", rpm:\"pacemaker-cts~1.1.18+20180430.b12c320f5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ibm": [{"lastseen": "2022-08-04T13:01:52", "description": "## Summary\n\nMultiple vulnerabilities were identified in the Pacemaker component that is bundled with IBM MQ Advanced for use by replicated data queue managers (RDQM).\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-16878](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16878>) \n**DESCRIPTION: **Pacemaker is vulnerable to a denial of service, caused by an insufficient verification inflicted preference of uncontrolled processes. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159858](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159858>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2018-16877](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16877>) \n**DESCRIPTION: **Pacemaker could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the authentication in the client server. An attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159859](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159859>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2019-3885](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3885>) \n**DESCRIPTION: **Pacemaker could allow a remote attacker to obtain sensitive information, caused by a use-after-free flaw. A remote attacker could exploit this vulnerability to obtain sensitive information from the system logs. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159857>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.1 LTS \nIBM MQ | 9.1 CD \nIBM MQ | 9.2 CD \nIBM MQ | 9.2 LTS \n \n## Remediation/Fixes\n\n**IBM MQ 9.1 LTS**\n\n[Apply Fixpack 9.1.0.7](<https://www.ibm.com/support/pages/downloading-ibm-mq-9107> \"Apply Fixpack 9.1.0.7\" )\n\n**IBM MQ 9.2 LTS**\n\n[Apply Fixpack 9.2.0.1](<https://www.ibm.com/support/pages/downloading-ibm-mq-version-9201> \"Apply Fixpack 9.2.0.1\" )\n\n**IBM MQ 9.1 CD and IBM MQ 9.2 CD**\n\n[Upgrade to IBM MQ 9.2.1](<https://www.ibm.com/support/pages/downloading-ibm-mq-921-continuous-delivery> \"Upgrade to IBM MQ 9.2.1\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n16 Dec 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSYHRD\",\"label\":\"IBM MQ\"},\"Component\":\"RDQM\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"9.1.0, 9.2.0\",\"Edition\":\"Advanced\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-18T19:09:33", "type": "ibm", "title": "Security Bulletin: IBM MQ is affected by multiple vulnerabilities in Pacemaker", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2020-12-18T19:09:33", "id": "D8676400C4D14B2D1B5F94F57536D6B43C6BF15DED8668D5B115B832F4F08E63", "href": "https://www.ibm.com/support/pages/node/6382912", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T13:01:51", "description": "## Summary\n\nIBM MQ Appliance has resolved Pacemaker vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-16878](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16878>) \n**DESCRIPTION: **Pacemaker is vulnerable to a denial of service, caused by an insufficient verification inflicted preference of uncontrolled processes. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159858](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159858>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2018-16877](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16877>) \n**DESCRIPTION: **Pacemaker could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the authentication in the client server. An attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159859](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159859>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2019-3885](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3885>) \n**DESCRIPTION: **Pacemaker could allow a remote attacker to obtain sensitive information, caused by a use-after-free flaw. A remote attacker could exploit this vulnerability to obtain sensitive information from the system logs. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159857>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ Appliance | 9.1 LTS \nIBM MQ Appliance | 9.1 CD \n \n## Remediation/Fixes\n\n**IBM MQ Appliance 9.1 LTS**\n\nApply fixpack [9.1.0.6](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+MQ+Appliance+M2000&release=All&function=fixId&fixids=9.1.0.6-IBM-MQ-Appliance-U0000&includeSupersedes=1> \"9.1.0.6\" ), or later maintenance\n\n**IBM MQ Appliance 9.1 CD**\n\nUpgrade to [9.2.1](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+MQ+Appliance+M2000&release=All&function=fixId&fixids=9.2.1-IBM-MQ-Appliance-U0000&includeSupersedes=1> \"9.2.1\" ), or later maintenance\n\n## Workarounds and Mitigations\n\nOnly affects IBM MQ Appliances configured as part of a Highly Available group, where the appliances are not directly connected.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n18 Dec 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS5K6E\",\"label\":\"IBM MQ Appliance\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF004\",\"label\":\"Appliance\"}],\"Version\":\"9.1.0.0;9.1.0.1;9.1.0.2;9.1.0.3;9.1.0.4;9.1.0.5;9.1.1;9.1.2;9.1.3;9.1.4;9.1.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB36\",\"label\":\"IBM Automation\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-18T23:18:11", "type": "ibm", "title": "Security Bulletin: IBM MQ Appliance is affected by Pacemaker vulnerabilities (CVE-2018-16878, CVE-2018-16877, CVE-2019-3885)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2020-12-18T23:18:11", "id": "4E73E30F75AED2360643FD48F176E48FEDE9AF562A5E051D96379F78DEE7AB27", "href": "https://www.ibm.com/support/pages/node/6388650", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T12:52:42", "description": "## Summary\n\nAn issue was identified with Pacemaker which is used by IBM MQ to supply RDQM functionality.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-25654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25654>) \n**DESCRIPTION: **ClusterLabs Pacemaker could allow a local attacker to bypass security restrictions, caused by an access control list bypass flaw. By sending a specially-crafted request using IPC communication with various daemons, an attacker could exploit this vulnerability to perform certain tasks prevented by ACLs. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190582](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190582>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.2 CD \nIBM MQ | 9.2 LTS \nIBM MQ | 9.1 CD \nIBM MQ | 9.1 LTS \n \n## Remediation/Fixes\n\nThis issue is resolved under APAR IT35522. \n\n**IBM MQ 9.1 LTS**\n\n[Apply fix pack 9.1.0.8](<https://www.ibm.com/support/pages/node/6450373> \"Apply FixPack 9.1.0.8\" )\n\n**IBM MQ 9.2 LTS**\n\n[Apply fix pack 9.2.0.2](<https://www.ibm.com/support/pages/downloading-ibm-mq-9202> \"Apply FixPack 9.2.0.2\" )\n\n**IBM MQ 9.1 CD and 9.2 CD**\n\n[Upgrade to IBM MQ 9.2.2](<https://www.ibm.com/support/pages/downloading-ibm-mq-922-continuous-delivery> \"Upgrade to IBM MQ 9.2.2\" )\n\n## Workarounds and Mitigations\n\nOnly applicable to IBM MQ installations with an RDQM HA group configured.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nThis issue was discovered by Ken Gaillot (Red Hat).\n\n## Change History\n\n17 Jun 2021: Initial Publication \n21 Jul 2021 : Clarification of affected configuration\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Type\":\"MASTER\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSYHRD\",\"label\":\"IBM MQ\"},\"ARM Category\":[{\"code\":\"a8m0z00000008HvAAI\",\"label\":\"Components and Features->High Availability (HA)->RDQM\"},{\"code\":\"a8m0z00000008P6AAI\",\"label\":\"Components and Features->Queue Managers\"}],\"ARM Case Number\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"9.1.0;9.2.0\"}]", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-21T21:33:14", "type": "ibm", "title": "Security Bulletin: IBM MQ is vulnerable to an issue within Pacemaker. (CVE-2020-25654)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2021-07-21T21:33:14", "id": "A5482A34C95D889C083B8220907A6F771A27CDE1BE58B9F8007C6235EA459B88", "href": "https://www.ibm.com/support/pages/node/6464787", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T12:44:19", "description": "## Summary\n\nWebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript. These vulnerabilities are addressed in App connect professional v7.5.4.0 and v7.5.5.0, customer can migrate to these versions without incurring any additional cost. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11472](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11472>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a divide-by-zero error in the ReadXWDImage function in coders/xwd.c. By persuading a victim to open a specially-crafted XWD image file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160054](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160054>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-11470](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11470>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by uncontrolled resource consumption in the ReadXWDImage function in coders/xwd.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-11597](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11597>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a heap-based buffer over-read in the WritePNMImage function in coders/pnm.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service or possibly obtain sensitive information. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160255>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2014-9709](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709>) \n** DESCRIPTION: **gd-libgd is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by gd_gif_in.c. By sending a specially-crafted GIF file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/101757](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101757>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2019-11479](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11477](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11598](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11598>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a heap-based buffer over-read in the WritePNMImage function in coders/pnm.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service or possibly obtain sensitive information. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160252](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160252>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2019-11478](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11599](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a race condition in the coredump implementation. By using a specially-crafted system call, a local attacker could exploit this vulnerability to cause the application to crash or obtain sensitive information. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160262](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160262>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2019-3885](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3885>) \n** DESCRIPTION: **Pacemaker could allow a remote attacker to obtain sensitive information, caused by a use-after-free flaw. A remote attacker could exploit this vulnerability to obtain sensitive information from the system logs. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159857>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-2774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2774>) \n** DESCRIPTION: **ISC DHCP is vulnerable to a denial of service, caused by the failure to limit the number of open TCP connections to the ports for inter-process communications and control. By opening a large number of TCP connections, a remote attacker from within the local network could exploit this vulnerability to become unresponsive or consume all available sockets. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11068](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068>) \n** DESCRIPTION: **libxslt could allow a remote attacker to bypass security restrictions, caused by a flaw in the xsltCheckRead and xsltCheckWrite routines. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159898](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159898>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-10131](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10131>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by an off-by-one read flaw in the formatIPTCfromBuffer function in coders/meta.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160672](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160672>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-1120](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1120>) \n** DESCRIPTION: **procps-ng procps is vulnerable to a denial of service, caused by improper validation of user-supplied request. By mmaping a FUSE file to the process command-line arguments, a remote attacker could exploit this vulnerability to block read access to the files under /proc/PID/. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-10650](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10650>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a heap-based buffer over-read in the WriteTIFFImage function in coders/tiff.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160121](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160121>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-5436](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftp_receive_packet() function. By sending overly long data, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-3838](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838>) \n** DESCRIPTION: **Ghostscript could allow a remote attacker to bypass security restrictions, caused by improper usage of forceput operator. By persuading a victim to open a specially-crafted PostScript file, a remote attacker could exploit this vulnerability to gain access to the file system outside of the constraints imposed by -dSAFER. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158503](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158503>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-16877](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16877>) \n** DESCRIPTION: **Pacemaker could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the authentication in the client server. An attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159859](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159859>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-16878](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16878>) \n** DESCRIPTION: **Pacemaker is vulnerable to a denial of service, caused by insufficient verification inflicted preference of uncontrolled processes. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159858](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159858>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Cast Iron | 7.5.1.0 \nApp Connect Professional| 7.5.2.0 \nApp Connect Professional| 7.5.4.0 \nApp Connect Professional| 7.5.5.0 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nApp Connect Professional| 7.5.4.0| [7540 Fixcentral link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.4.0&platform=All&function=fixId&fixids=7.5.4.0-WS-ACP-20211208-2245_H28_64-CUMUIFIX-026.vcrypt2,&includeSupersedes=0> \"7540 Fixcentral link\" ) \nApp Connect Professional| 7.5.5.0| [7550 Fixcentral link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.5.0&platform=All&function=fixId&fixids=7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.builtDockerImage,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.docker,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.vcrypt2,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.sc-linux,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.32bit.sc-linux,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.32bit.sc-win,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.sc-win&includeSupersedes=0> \"7550 Fixcentral link\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n15 Feb 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS3LC4\",\"label\":\"App Connect Professional\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"ACPv754, ACPv755\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-21T04:39:05", "type": "ibm", "title": "Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9709", "CVE-2016-2774", "CVE-2018-1120", "CVE-2018-16877", "CVE-2018-16878", "CVE-2019-10131", "CVE-2019-10650", "CVE-2019-11068", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-11599", "CVE-2019-3838", "CVE-2019-3885", "CVE-2019-5436"], "modified": "2022-02-21T04:39:05", "id": "9EAED1F5FB3762874ED935AF686A504F1630ADB20AA5EBFAE97EAEEEA4C0DAF8", "href": "https://www.ibm.com/support/pages/node/6558082", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2021-07-28T18:41:38", "description": "Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : coverage doc hardening pre_release profiling ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-23T23:44:10", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: pacemaker-2.0.1-2.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-04-23T23:44:10", "id": "FEDORA:AFEEB60608E3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T18:41:38", "description": "Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : coverage doc hardening pre_release profiling ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-04T01:17:47", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: pacemaker-1.1.18-3.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-05-04T01:17:47", "id": "FEDORA:A98D3604EC00", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T18:41:38", "description": "Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : coverage doc hardening pre_release profiling ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-05T02:44:11", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: pacemaker-2.0.0-5.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-05-05T02:44:11", "id": "FEDORA:97BCC60200CC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : cibsecrets coverage doc hardening pre_release profiling ", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-27T01:12:39", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: pacemaker-2.0.5-0.7.rc3.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-11-27T01:12:39", "id": "FEDORA:7FCC930C8E61", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NG7YJDH5DNOTKZJOHFWSACULGPJUOJMZ/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : cibsecrets coverage doc hardening pre_release profiling ", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-27T01:24:10", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: pacemaker-2.0.5-0.7.rc3.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-11-27T01:24:10", "id": "FEDORA:E7AA330CB45E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HMSWPVSLEUN4QCZPHKBMBZVUXLKKNSMM/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. (CVE-2019-3885) A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. (CVE-2018-16877) A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. (CVE-2018-16878) \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-19T13:44:26", "type": "mageia", "title": "Updated pacemaker packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-12-19T13:44:26", "id": "MGASA-2019-0394", "href": "https://advisories.mageia.org/MGASA-2019-0394.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "ACL restrictions bypass. (CVE-2020-25654) \n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-10T15:20:00", "type": "mageia", "title": "Updated pacemaker packages fix a security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-11-10T15:20:00", "id": "MGASA-2020-0409", "href": "https://advisories.mageia.org/MGASA-2020-0409.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:34", "description": "[2.0.1-4.3]\n- New build with fixed test in gating.yaml\n- Resolves: rhbz#1694557\n- Resolves: rhbz#1695247\n- Resolves: rhbz#1697264\n- Resolves: rhbz#1697265\n[2.0.1-4.2]\n- New build to apply z-stream tag\n- Resolves: rhbz#1694557\n- Resolves: rhbz#1695247\n- Resolves: rhbz#1697264\n- Resolves: rhbz#1697265\n[2.0.1-4.1]\n- Improve clients' authentication of IPC servers (CVE-2018-16877)\n- Fix use-after-free with potential information disclosure (CVE-2019-3885)\n- Improve pacemakerd authentication of running subdaemons (CVE-2018-16878)\n- Restore correct behavior when live migration is interrupted\n- Resolves: rhbz#1694557\n- Resolves: rhbz#1695247\n- Resolves: rhbz#1697264\n- Resolves: rhbz#1697265", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-07-30T00:00:00", "type": "oraclelinux", "title": "pacemaker security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-07-30T00:00:00", "id": "ELSA-2019-1279", "href": "http://linux.oracle.com/errata/ELSA-2019-1279.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-05T02:27:15", "description": "[1.1.23-1.0.1]\n- Upstream reference in pacemaker crm_report binary [Orabug: 31611300]\n[1.1.23-1.1]\n- Prevent ACL bypass (CVE-2020-25654)\n- Resolves: rhbz#1892140", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-05T00:00:00", "type": "oraclelinux", "title": "pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2021-11-05T00:00:00", "id": "ELSA-2020-5453", "href": "http://linux.oracle.com/errata/ELSA-2020-5453.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:15", "description": "[2.0.4-6.1]\n- Prevent users from bypassing ACLs by using IPC directly (CVE-2020-25654)\n- Resolves: rhbz1891528", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-22T00:00:00", "type": "oraclelinux", "title": "pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-22T00:00:00", "id": "ELSA-2020-5487", "href": "http://linux.oracle.com/errata/ELSA-2020-5487.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T11:45:39", "description": "Jan Pokorn\u00fd discovered that Pacemaker incorrectly handled client-server \nauthentication. A local attacker could possibly use this issue to escalate \nprivileges. (CVE-2018-16877)\n\nJan Pokorn\u00fd discovered that Pacemaker incorrectly handled certain \nverifications. A local attacker could possibly use this issue to cause a \ndenial of service. (CVE-2018-16878)\n\nJan Pokorn\u00fd discovered that Pacemaker incorrectly handled certain memory \noperations. A local attacker could possibly use this issue to obtain \nsensitive information in log outputs. This issue only applied to Ubuntu \n18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3885)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-23T00:00:00", "type": "ubuntu", "title": "Pacemaker vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16878", "CVE-2018-16877", "CVE-2019-3885"], "modified": "2019-04-23T00:00:00", "id": "USN-3952-1", "href": "https://ubuntu.com/security/notices/USN-3952-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-04T11:07:18", "description": "Ken Gaillot discovered that Pacemaker incorrectly handled IPC \ncommunications permissions. A local attacker could possibly use this issue \nto bypass ACL restrictions and execute arbitrary code as root.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-09T00:00:00", "type": "ubuntu", "title": "Pacemaker vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-11-09T00:00:00", "id": "USN-4623-1", "href": "https://ubuntu.com/security/notices/USN-4623-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:37:03", "description": "The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. \n\nSecurity Fix(es):\n\n* pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)\n\n* pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)\n\n* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-27T15:45:15", "type": "redhat", "title": "(RHSA-2019:1278) Important: pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-05-27T15:55:46", "id": "RHSA-2019:1278", "href": "https://access.redhat.com/errata/RHSA-2019:1278", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:37:56", "description": "The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. \n\nSecurity Fix(es):\n\n* pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)\n\n* pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)\n\n* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Interrupted live migration will get full start rather than completed migration (BZ#1695247)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-27T15:45:19", "type": "redhat", "title": "(RHSA-2019:1279) Important: pacemaker security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-05-27T15:55:46", "id": "RHSA-2019:1279", "href": "https://access.redhat.com/errata/RHSA-2019:1279", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:40:09", "description": "The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. \n\nSecurity Fix(es):\n\n* pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T16:01:26", "type": "redhat", "title": "(RHSA-2020:5487) Moderate: pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-15T16:43:41", "id": "RHSA-2020:5487", "href": "https://access.redhat.com/errata/RHSA-2020:5487", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:39:46", "description": "The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. \n\nSecurity Fix(es):\n\n* pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T08:17:14", "type": "redhat", "title": "(RHSA-2020:5423) Moderate: pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-15T08:30:20", "id": "RHSA-2020:5423", "href": "https://access.redhat.com/errata/RHSA-2020:5423", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:08", "description": "The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. \n\nSecurity Fix(es):\n\n* pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-15T09:03:25", "type": "redhat", "title": "(RHSA-2020:5453) Moderate: pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-15T10:17:52", "id": "RHSA-2020:5453", "href": "https://access.redhat.com/errata/RHSA-2020:5453", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2021-07-29T02:27:10", "description": "**Issue Overview:**\n\nA flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. (CVE-2018-16878)\n\nA use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs. (CVE-2019-3885)\n\nA flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. (CVE-2018-16877)\n\n \n**Affected Packages:** \n\n\npacemaker\n\n \n**Issue Correction:** \nRun _yum update pacemaker_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 pacemaker-1.1.20-5.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-cli-1.1.20-5.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-libs-1.1.20-5.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-cluster-libs-1.1.20-5.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-remote-1.1.20-5.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-libs-devel-1.1.20-5.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-cts-1.1.20-5.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-doc-1.1.20-5.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-nagios-plugins-metadata-1.1.20-5.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-debuginfo-1.1.20-5.amzn2.0.2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 pacemaker-1.1.20-5.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 pacemaker-cli-1.1.20-5.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 pacemaker-libs-1.1.20-5.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 pacemaker-cluster-libs-1.1.20-5.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 pacemaker-remote-1.1.20-5.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 pacemaker-libs-devel-1.1.20-5.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 pacemaker-cts-1.1.20-5.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 pacemaker-doc-1.1.20-5.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 pacemaker-nagios-plugins-metadata-1.1.20-5.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 pacemaker-debuginfo-1.1.20-5.amzn2.0.2.i686 \n \n src: \n \u00a0\u00a0\u00a0 pacemaker-1.1.20-5.amzn2.0.2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 pacemaker-1.1.20-5.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-cli-1.1.20-5.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-libs-1.1.20-5.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-cluster-libs-1.1.20-5.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-remote-1.1.20-5.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-libs-devel-1.1.20-5.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-cts-1.1.20-5.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-doc-1.1.20-5.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-nagios-plugins-metadata-1.1.20-5.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-debuginfo-1.1.20-5.amzn2.0.2.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-23T03:37:00", "type": "amazon", "title": "Important: pacemaker", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877", "CVE-2018-16878", "CVE-2019-3885"], "modified": "2019-08-27T21:25:00", "id": "ALAS2-2019-1275", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1275.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-25T19:35:48", "description": "**Issue Overview:**\n\nAn ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)\n\n \n**Affected Packages:** \n\n\npacemaker\n\n \n**Issue Correction:** \nRun _yum update pacemaker_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 pacemaker-1.1.23-1.amzn2.1.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-cli-1.1.23-1.amzn2.1.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-libs-1.1.23-1.amzn2.1.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-cluster-libs-1.1.23-1.amzn2.1.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-remote-1.1.23-1.amzn2.1.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-libs-devel-1.1.23-1.amzn2.1.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-cts-1.1.23-1.amzn2.1.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-doc-1.1.23-1.amzn2.1.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-nagios-plugins-metadata-1.1.23-1.amzn2.1.aarch64 \n \u00a0\u00a0\u00a0 pacemaker-debuginfo-1.1.23-1.amzn2.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 pacemaker-1.1.23-1.amzn2.1.i686 \n \u00a0\u00a0\u00a0 pacemaker-cli-1.1.23-1.amzn2.1.i686 \n \u00a0\u00a0\u00a0 pacemaker-libs-1.1.23-1.amzn2.1.i686 \n \u00a0\u00a0\u00a0 pacemaker-cluster-libs-1.1.23-1.amzn2.1.i686 \n \u00a0\u00a0\u00a0 pacemaker-remote-1.1.23-1.amzn2.1.i686 \n \u00a0\u00a0\u00a0 pacemaker-libs-devel-1.1.23-1.amzn2.1.i686 \n \u00a0\u00a0\u00a0 pacemaker-cts-1.1.23-1.amzn2.1.i686 \n \u00a0\u00a0\u00a0 pacemaker-doc-1.1.23-1.amzn2.1.i686 \n \u00a0\u00a0\u00a0 pacemaker-nagios-plugins-metadata-1.1.23-1.amzn2.1.i686 \n \u00a0\u00a0\u00a0 pacemaker-debuginfo-1.1.23-1.amzn2.1.i686 \n \n src: \n \u00a0\u00a0\u00a0 pacemaker-1.1.23-1.amzn2.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 pacemaker-1.1.23-1.amzn2.1.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-cli-1.1.23-1.amzn2.1.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-libs-1.1.23-1.amzn2.1.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-cluster-libs-1.1.23-1.amzn2.1.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-remote-1.1.23-1.amzn2.1.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-libs-devel-1.1.23-1.amzn2.1.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-cts-1.1.23-1.amzn2.1.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-doc-1.1.23-1.amzn2.1.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-nagios-plugins-metadata-1.1.23-1.amzn2.1.x86_64 \n \u00a0\u00a0\u00a0 pacemaker-debuginfo-1.1.23-1.amzn2.1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-05T23:34:00", "type": "amazon", "title": "Medium: pacemaker", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2021-01-06T20:55:00", "id": "ALAS2-2021-1583", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1583.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:41:16", "description": "A flaw was found in the way pacemaker's client-server authentication was\nimplemented in versions up to and including 2.0.0. A local attacker could\nuse this flaw, and combine it with other IPC weaknesses, to achieve local\nprivilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-17T00:00:00", "type": "ubuntucve", "title": "CVE-2018-16877", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877"], "modified": "2019-04-17T00:00:00", "id": "UB:CVE-2018-16877", "href": "https://ubuntu.com/security/CVE-2018-16877", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:41:15", "description": "A flaw was found in pacemaker up to and including version 2.0.1. An\ninsufficient verification inflicted preference of uncontrolled processes\ncan lead to DoS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-04-17T00:00:00", "type": "ubuntucve", "title": "CVE-2018-16878", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16878"], "modified": "2019-04-17T00:00:00", "id": "UB:CVE-2018-16878", "href": "https://ubuntu.com/security/CVE-2018-16878", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:25:15", "description": "An ACL bypass flaw was found in pacemaker. An attacker having a local\naccount on the cluster and in the haclient group could use IPC\ncommunication with various daemons directly to perform certain tasks that\nthey would be prevented by ACLs from doing if they went through the\nconfiguration.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1888191>\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-27T00:00:00", "type": "ubuntucve", "title": "CVE-2020-25654", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-10-27T00:00:00", "id": "UB:CVE-2020-25654", "href": "https://ubuntu.com/security/CVE-2020-25654", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-07-25T06:01:04", "description": "A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-18T18:29:00", "type": "debiancve", "title": "CVE-2018-16877", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877"], "modified": "2019-04-18T18:29:00", "id": "DEBIANCVE:CVE-2018-16877", "href": "https://security-tracker.debian.org/tracker/CVE-2018-16877", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T06:01:04", "description": "A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-04-18T18:29:00", "type": "debiancve", "title": "CVE-2018-16878", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16878"], "modified": "2019-04-18T18:29:00", "id": "DEBIANCVE:CVE-2018-16878", "href": "https://security-tracker.debian.org/tracker/CVE-2018-16878", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-25T06:01:04", "description": "An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-24T20:15:00", "type": "debiancve", "title": "CVE-2020-25654", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-11-24T20:15:00", "id": "DEBIANCVE:CVE-2020-25654", "href": "https://security-tracker.debian.org/tracker/CVE-2020-25654", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T14:20:30", "description": "A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-18T18:29:00", "type": "cve", "title": "CVE-2018-16877", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877"], "modified": "2021-01-07T01:15:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/a:clusterlabs:pacemaker:2.0.0"], "id": "CVE-2018-16877", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16877", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:clusterlabs:pacemaker:2.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:20:34", "description": "A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-04-18T18:29:00", "type": "cve", "title": "CVE-2018-16878", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16878"], "modified": "2021-01-07T01:15:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/a:clusterlabs:pacemaker:2.0.1"], "id": "CVE-2018-16878", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16878", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:clusterlabs:pacemaker:2.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:52:34", "description": "An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-24T20:15:00", "type": "cve", "title": "CVE-2020-25654", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2021-03-04T20:48:00", "cpe": ["cpe:/a:clusterlabs:pacemaker:2.0.5", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-25654", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25654", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:clusterlabs:pacemaker:2.0.5:rc1:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2022-07-07T11:07:59", "description": "A flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-17T09:50:40", "type": "redhatcve", "title": "CVE-2018-16877", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16877"], "modified": "2022-07-07T10:39:31", "id": "RH:CVE-2018-16877", "href": "https://access.redhat.com/security/cve/cve-2018-16877", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-07T11:07:59", "description": "A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-04-17T10:20:11", "type": "redhatcve", "title": "CVE-2018-16878", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16878"], "modified": "2022-07-07T10:39:33", "id": "RH:CVE-2018-16878", "href": "https://access.redhat.com/security/cve/cve-2018-16878", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-07T17:35:53", "description": "An ACL bypass flaw was found in Pacemaker. This flaw allows an attacker with a local account on the cluster and in the haclient group to use IPC communication with various daemons to directly perform certain tasks that would be prevented if they had gone through configured ACLs. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-27T08:05:02", "type": "redhatcve", "title": "CVE-2020-25654", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2022-07-07T13:00:42", "id": "RH:CVE-2020-25654", "href": "https://access.redhat.com/security/cve/cve-2020-25654", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:49:26", "description": "**CentOS Errata and Security Advisory** CESA-2020:5453\n\n\nThe Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. \n\nSecurity Fix(es):\n\n* pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2020-December/060770.html\n\n**Affected packages:**\npacemaker\npacemaker-cli\npacemaker-cluster-libs\npacemaker-cts\npacemaker-doc\npacemaker-libs\npacemaker-libs-devel\npacemaker-nagios-plugins-metadata\npacemaker-remote\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2020:5453", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-18T00:21:03", "type": "centos", "title": "pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2020-12-18T00:21:03", "id": "CESA-2020:5453", "href": "https://lists.centos.org/pipermail/centos-announce/2020-December/060770.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2022-07-26T13:30:26", "description": "pacemaker is vulnerable to authorization bypass. The vulnerability exists through an ACL bypass flaw, where users can use `IPC` communication with the various daemons directly to bypass ACL restrictions. \n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-16T04:59:55", "type": "veracode", "title": "Authorization Bypass", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2021-03-04T21:31:59", "id": "VERACODE:27898", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-27898/summary", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "almalinux": [{"lastseen": "2022-05-12T14:58:22", "description": "The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. \n\nSecurity Fix(es):\n\n* pacemaker: ACL restrictions bypass (CVE-2020-25654)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-15T16:01:26", "type": "almalinux", "title": "Moderate: pacemaker security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25654"], "modified": "2021-08-11T11:18:28", "id": "ALSA-2020:5487", "href": "https://errata.almalinux.org/8/ALSA-2020-5487.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}