Privilege Escalation

pacemaker is vulnerable to privilege escalation attacks. The vulnerability exists as an authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, for...

Authorization

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...

DEBIAN-CVE-2016-7035

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...

CVE-2016-7035

CVE-2016-7035 affects Pacemaker prior to 1.1.16, due to an authorization flaw on the IPC interface. An unprivileged local attacker could force the Local Resource Manager daemon to execute a script as root, gaining full euid/root access. The issue is mitigated by upgrading Pacemaker to 1.1.16 or n...

pacemaker: Privilege escalation due to improper guarding of IPC communication

An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on th...

Important: Red Hat Security Advisory: pacemaker security update

An update for pacemaker is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

pacemaker: Privilege escalation due to improper guarding of IPC communication

An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on th...

SuSE 10 Security Update : heartbeat (ZYPP Patch Number 1978)

This update fixes both a local and a remote denial of service attack within heartbeat, as well as numerous other bugs in the messaging and membership layer, GUI, Cluster Resource Manager, Local Resource Manager and Resource Agents. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...