Bug 1379784 (CVE-2016-7797)
Summary: | CVE-2016-7797 pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | abeekhof, cbuissar, cfeist, kgaillot, security-response-team, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2016-11-04 08:19:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1312094, 1389439, 1389440 | | |
Bug Blocks: | 1379785 | | |
Description
Adam Mariš
2016-09-27 16:20:29 UTC
=> Fedora is not affected since fedora 23 and 24 are using pacemaker-1.1.15.

=> Resolved in RHEL6.8, pacemaker-1.1.14-8.el6, via the following bugzilla:
- Bug 1312092 - crmd can crash after unexpected remote connection takeover
  https://bugzilla.redhat.com/show_bug.cgi?id=1312092

Corresponding errata: https://rhn.redhat.com/errata/RHBA-2016-0856.html

=> Planned resolution in RHEL7 via the following bugzilla:
- Bug 1312094 - crmd can crash after unexpected remote connection takeover
  https://bugzilla.redhat.com/show_bug.cgi?id=1312094

Acknowledgments:

Name: Alain Moulle (ATOS/BULL)

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2016:2578 https://rhn.redhat.com/errata/RHSA-2016-2578.html
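The fixed builds named in the description (pacemaker-1.1.14-8.el6 for RHEL 6, pacemaker-1.1.15 for Fedora 23/24) can be turned into an offline version check. The script below is an added example, not Red Hat's or the pacemaker project's tooling: it re-implements librpm's rpmvercmp() segment comparison (digit runs compare numerically, letter runs lexically, `~` sorts before anything, `^` sorts after the base version but before a longer one) and compares an installed name-version-release string against the baseline for its dist tag. The RHEL 7 fixed build is not stated on this page (only the erratum RHSA-2016:2578 is), so `.el7` packages are reported as unknown rather than guessed. All sample NVRs in the block are constructed.

```python
"""Check an installed pacemaker RPM against the fixed builds named in this bug.

Added example; not Red Hat's or pacemaker's code. Assumes RPM NVR strings of the
form name-[epoch:]version-release, as printed by rpm -q --qf.
"""
import re
from typing import Optional, Tuple

# (epoch, version, release) of the fixed build per dist tag, taken from the page.
# Fedora is named only by version (pacemaker-1.1.15), so its release is None and
# only the version is compared. RHEL 7 is deliberately absent: the page names the
# erratum but not the build, so el7 packages come back as "unknown" (None).
FIXED_EVR = {
    "el6": (None, "1.1.14", "8.el6"),
    "fc23": (None, "1.1.15", None),
    "fc24": (None, "1.1.15", None),
}

# rpmvercmp splits on runs of digits or letters; '~' and '^' are significant,
# every other byte is a separator.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings like librpm's rpmvercmp(): -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    i = 0
    while i < len(sa) or i < len(sb):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        # Tilde sorts before everything, including end of string (1.0~rc1 < 1.0).
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            continue
        # Caret sorts after end of string but before any further segment
        # (1.0 < 1.0^git1 < 1.0.1).
        if x == "^" or y == "^":
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            i += 1
            continue
        # Whichever string still has segments left is newer.
        if x is None:
            return -1
        if y is None:
            return 1
        # A numeric segment is always newer than an alphabetic one.
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
        i += 1
    return 0


def parse_nvr(nvr: str) -> Tuple[str, Optional[str], str, str]:
    """Split 'name-[epoch:]version-release' into (name, epoch, version, release)."""
    name, version, release = nvr.rsplit("-", 2)
    epoch = None
    if ":" in version:
        epoch, version = version.split(":", 1)
    return name, epoch, version, release


def _epoch(e: Optional[str]) -> int:
    # rpm prints "(none)" for a missing epoch; treat anything non-numeric as 0.
    return int(e) if e and e.isdigit() else 0


def evr_cmp(a, b) -> int:
    """Compare (epoch, version, release) tuples; a None release matches any release."""
    (ea, va, ra), (eb, vb, rb) = a, b
    if _epoch(ea) != _epoch(eb):
        return 1 if _epoch(ea) > _epoch(eb) else -1
    c = rpmvercmp(va, vb)
    if c != 0 or ra is None or rb is None:
        return c
    return rpmvercmp(ra, rb)


def dist_tag(release: str) -> Optional[str]:
    """Extract the dist tag (el6, fc24, ...) from a release string such as 8.el6_8.2."""
    m = re.search(r"\.(el\d+|fc\d+)", release)
    return m.group(1) if m else None


def is_fixed(installed_nvr: str) -> Optional[bool]:
    """True/False when the page names a fixed build for this dist, None when it does not."""
    name, epoch, version, release = parse_nvr(installed_nvr)
    if not name.startswith("pacemaker"):  # pacemaker, pacemaker-remote, pacemaker-libs ...
        raise ValueError("not a pacemaker package: " + installed_nvr)
    baseline = FIXED_EVR.get(dist_tag(release) or "")
    if baseline is None:
        return None
    return evr_cmp((epoch, version, release), baseline) >= 0


if __name__ == "__main__":
    # Constructed sample NVRs, not taken from any real host.
    for nvr in ("pacemaker-remote-1.1.13-10.el6", "pacemaker-1.1.14-8.el6_8.2",
                "pacemaker-1.1.15-1.fc24", "pacemaker-1.1.15-11.el7"):
        print(nvr, {True: "fixed", False: "VULNERABLE", None: "unknown from this page"}[is_fixed(nvr)])
```

On a real host the input comes from `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' pacemaker pacemaker-remote`; remember that pacemaker_remote nodes carry the `pacemaker-remote` subpackage and must be checked separately from the cluster nodes, since the flaw is in the connection between the two.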