Pacemaker is vulnerable to denial of service because of the way it authenticates and processes remote connections in certain circumstances. When Pacemaker is configured to allow remote Cluster Information Base (CIB) configuration or resource management, a remote attacker can exploit the vulnerability to prevent the process from serving other requests.
CPE

Name | Operator | Version
---|---|---
pacemaker | eq | 1.1.2__7.el6
pacemaker | eq | 1.1.6__3.el6
pacemaker | eq | 1.1.8__7.el6
pacemaker | eq | 1.1.10__1.el6_4.4
pacemaker | eq | 1.1.5__5.el6
pacemaker | eq | 1.1.7__6.el6

rhn.redhat.com/errata/RHSA-2013-1635.html
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1011618
bugzilla.redhat.com/show_bug.cgi?id=891922
bugzilla.redhat.com/show_bug.cgi?id=902407
bugzilla.redhat.com/show_bug.cgi?id=902459
bugzilla.redhat.com/show_bug.cgi?id=996850
bugzilla.redhat.com/show_bug.cgi?id=997346
github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93