logo
DATABASE RESOURCES PRICING ABOUT US

NewStart CGSL CORE 5.05 / MAIN 5.05 : pacemaker Multiple Vulnerabilities (NS-SA-2019-0258)

Description

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has pacemaker packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. (CVE-2018-16877) - A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. (CVE-2019-3885) - A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related