pacemaker is vulnerable to privilege escalation attacks. The vulnerability exists as an authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
rhn.redhat.com/errata/RHSA-2016-2614.html
rhn.redhat.com/errata/RHSA-2016-2675.html
www.openwall.com/lists/oss-security/2016/11/03/5
www.securityfocus.com/bid/94214
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1389023
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7035
github.com/ClusterLabs/pacemaker/commit/5d71e65049
lists.clusterlabs.org/pipermail/users/2016-November/004432.html
rhn.redhat.com/errata/RHSA-2016-2614.html
security.gentoo.org/glsa/201710-08