(RHSA-2016:2675) Important: pacemaker security update

2016-11-08T17:55:03
ID RHSA-2016:2675
Type redhat
Reporter RedHat
Modified 2018-06-09T14:15:17

Description

The Pacemaker cluster resource manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure.

Security Fix(es):

  • An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. (CVE-2016-7035)

This issue was discovered by Jan "poki" Pokorny (Red Hat) and Alain Moulle (ATOS/BULL).