Back to bug 1369732
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-08-24 09:21:25 UTC | CC | security-response-team | |
| Adam Mariš | 2016-08-24 09:23:20 UTC | Blocks | 1369733 | |
| Adam Mariš | 2016-08-24 09:23:53 UTC | Depends On | 1369467 | |
| Cedric Buissart | 2016-09-06 10:10:08 UTC | Whiteboard | impact=important,public=no,reported=20160823,source=redhat,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-285,rhel-6/pacemaker=new,rhel-7/pacemaker=new,fedora-all/pacemaker=affected | impact=important,public=no,reported=20160823,source=redhat,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-285,rhel-6/pacemaker=affected,rhel-7/pacemaker=affected,fedora-all/pacemaker=affected |
| Cedric Buissart | 2016-09-06 14:40:00 UTC | Doc Text | It was found that pacemaker did not guard properly its IPC interface. An attacker with any unprivileged account on a pacemaker node could use this flaw to, for example, force the Local Resource Manager to execute a script as root in order to gain root access on the machine. | |
| Cedric Buissart | 2016-09-06 14:41:31 UTC | Doc Text | It was found that pacemaker did not guard properly its IPC interface. An attacker with any unprivileged account on a pacemaker node could use this flaw to, for example, force the Local Resource Manager to execute a script as root in order to gain root access on the machine. | It was found that pacemaker did not guard properly its IPC interface. An attacker with unprivileged account on a pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root in order to gain root access on the machine. |
| Adam Mariš | 2016-09-06 14:58:06 UTC | Summary | EMBARGOED pacemaker: Privilege escalation due to improper guarding of IPC communication | EMBARGOED CVE-2016-7035 pacemaker: Privilege escalation due to improper guarding of IPC communication |
| Alias | CVE-2016-7035 | |||
| Summer Long | 2016-09-06 23:05:53 UTC | CC | slong | |
| Doc Text | It was found that pacemaker did not guard properly its IPC interface. An attacker with unprivileged account on a pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root in order to gain root access on the machine. | An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. | ||
| Cedric Buissart | 2016-09-09 13:23:51 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-09-09 13:28:56 UTC | CC | jpokorny | |
| Cedric Buissart | 2016-09-09 15:09:46 UTC | Depends On | 1374774 | |
| Cedric Buissart | 2016-09-09 15:09:53 UTC | Depends On | 1374775 | |
| Cedric Buissart | 2016-09-09 15:10:01 UTC | Depends On | 1374776 | |
| Cedric Buissart | 2016-09-09 15:10:07 UTC | Depends On | 1374777 | |
| Tomas Hoger | 2016-09-13 13:10:09 UTC | CC | amaris | |
| Flags | needinfo?(amaris) | |||
| Adam Mariš | 2016-09-13 15:57:34 UTC | Flags | needinfo?(amaris) | |
| Ken Gaillot | 2016-10-20 20:51:32 UTC | CC | cfeist | |
| Cedric Buissart | 2016-10-24 16:00:28 UTC | Blocks | 1379785 | |
| Cedric Buissart | 2016-10-26 09:57:06 UTC | Whiteboard | impact=important,public=no,reported=20160823,source=redhat,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-285,rhel-6/pacemaker=affected,rhel-7/pacemaker=affected,fedora-all/pacemaker=affected | impact=important,public=no,reported=20160823,source=redhat,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H,cwe=CWE-285,rhel-6/pacemaker=affected,rhel-7/pacemaker=affected,fedora-all/pacemaker=affected |
| Cedric Buissart | 2016-10-31 09:13:29 UTC | Whiteboard | impact=important,public=no,reported=20160823,source=redhat,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H,cwe=CWE-285,rhel-6/pacemaker=affected,rhel-7/pacemaker=affected,fedora-all/pacemaker=affected | impact=important,public=20161103,reported=20160823,source=redhat,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H,cwe=CWE-285,rhel-6/pacemaker=affected,rhel-7/pacemaker=affected,fedora-all/pacemaker=affected |
| Cedric Buissart | 2016-11-03 08:44:02 UTC | Summary | EMBARGOED CVE-2016-7035 pacemaker: Privilege escalation due to improper guarding of IPC communication | CVE-2016-7035 pacemaker: Privilege escalation due to improper guarding of IPC communication |
| Cedric Buissart | 2016-11-03 08:44:06 UTC | Group | security, qe_staff | |
| Cedric Buissart | 2016-11-03 08:45:34 UTC | Depends On | 1391386 | |
| Cedric Buissart | 2016-11-08 13:49:04 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-11-08 08:49:04 UTC | |||
| Adam Mariš | 2016-11-08 16:18:10 UTC | CC | amaris | |
| Yasuhiro Ozone | 2017-02-14 01:07:56 UTC | CC | yozone | |
| Bryan Totty | 2017-02-27 15:28:48 UTC | CC | btotty | |
| Andrej Nemec | 2018-09-10 14:25:27 UTC | Fixed In Version | pacemaker 1.1.16 | |
| Product Security DevOps Team | 2019-09-29 13:55:15 UTC | Whiteboard | impact=important,public=20161103,reported=20160823,source=redhat,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H,cwe=CWE-285,rhel-6/pacemaker=affected,rhel-7/pacemaker=affected,fedora-all/pacemaker=affected |
Back to bug 1369732