Hello all,

Jan Pokorný of Red Hat discovered three security-related issues in Pacemaker that have been publicly disclosed today.

The most significant is a privilege escalation vulnerability (assigned CVE-2018-16877). An unprivileged attacker with local access to a pacemaker node when pacemaker is not running can create a process pretending to be a pacemaker subdaemon. When pacemaker starts, it will accept the impostor as valid, and the impostor can then craft messages to manipulate other pacemaker subdaemons into performing commands as root.

The other two are less significant. A local attacker can exploit the same vulnerability for denial-of-service (assigned CVE-2018-16878). An unrelated use-after-free bug in the alerts code (assigned CVE-2019-3885) could expose environment variables in the pacemaker log, resulting in information disclosure of sensitive information kept in environment variables to local users with permissions to access the pacemaker log but not wherever the environment variables are set.

Pull requests patching these vulnerabilities for the master and 1.1 branches of pacemaker will be merged shortly:

https://github.com/ClusterLabs/pacemaker/pull/1749
https://github.com/ClusterLabs/pacemaker/pull/1750

Without the patches, a mitigation is to prevent local user access to cluster nodes except for cluster administrators (which is the recommended and most common deployment model).

Due to the stricter authentication now imposed, a new requirement (unlikely to be of interest to most users) is that the hacluster user and haclient group must exist before running the executor and fencer regression tests.

--
Ken Gaillot <kgail...@redhat.com>