Bug 2116815 (CVE-2022-2735)

Summary: CVE-2022-2735 pcs: obtaining an authentication token for hacluster user could lead to privilege escalation
Product: [Other] Security Response
Reporter: TEJ RATHI <trathi>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: anprice, cfeist, cluster-maint, idevat, kmalyjur, mlisik, mpospisi, omular, security-response-team, tojeline
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.
Last Closed: 2022-09-06 08:45:13 UTC
Bug Depends On: 2116835, 2116836, 2116837, 2116838, 2116839, 2116841, 2123389    
Bug Blocks: 2115681, 2123601    

Description TEJ RATHI 2022-08-09 11:25:17 UTC
A security issue was discovered in the pcs project. It is caused by incorrect permissions on a Unix socket used for internal communication between pcs daemons. A privilege escalation could happen by obtaining an authentication token for the hacluster user. With the hacluster token, an attacker has complete control over the cluster managed by pcs. The bug was introduced in pcs version 0.10.5 by this bz [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1783106
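
Added example, not part of the original report and not pcs code: the description attributes the flaw to incorrect permissions on a Unix socket, so this Python audit walks a directory tree and reports socket files that users other than the owner can connect to. The page does not name the socket path, so the directory and socket names below are constructed for the demonstration.

```python
import os
import socket
import stat
import tempfile


def exposure(path):
    """Who besides the owner may connect() to this pathname Unix socket.
    Linux needs write on the socket inode plus search (x) on its directory.
    Simplification: socket and directory share one group; ACLs are ignored.
    """
    mode = os.lstat(path).st_mode
    if not stat.S_ISSOCK(mode):
        return None  # not a socket
    parent = os.stat(os.path.dirname(path)).st_mode
    if mode & stat.S_IWOTH and parent & stat.S_IXOTH:
        return "other"
    if mode & stat.S_IWGRP and parent & stat.S_IXGRP:
        return "group"
    return "owner-only"


def audit(root):
    """Map relative path -> exposure for sockets under root open to non-owners."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if (who := exposure(path)) in ("other", "group"):
                findings[os.path.relpath(path, root)] = who
    return findings


def build_demo():
    """Constructed sample tree; socket names are hypothetical, not pcs paths."""
    root = tempfile.mkdtemp(prefix="sock")
    modes = {"owner.sock": 0o600, "rw-group.sock": 0o660, "rw-all.sock": 0o666}
    for dirname, dirmode in (("open", 0o755), ("locked", 0o700)):
        os.mkdir(os.path.join(root, dirname))
        for name, mode in modes.items():
            path = os.path.join(root, dirname, name)
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
                s.bind(path)
            os.chmod(path, mode)
        os.chmod(os.path.join(root, dirname), dirmode)
    return root


if __name__ == "__main__":
    print(audit(build_demo()))
```

A socket with permissive mode bits inside a directory that only its owner can search is reported as not exposed, which is why the audit checks the parent directory as well as the socket itself.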

Comment 4 TEJ RATHI 2022-09-01 14:11:41 UTC
Created pcs tracking bugs for this issue:

Affects: fedora-all [bug 2123389]

Comment 5 TEJ RATHI 2022-09-01 14:13:30 UTC
The issue is public now: https://www.openwall.com/lists/oss-security/2022/09/01/4

Comment 6 errata-xmlrpc 2022-09-01 15:10:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6312 https://access.redhat.com/errata/RHSA-2022:6312

Comment 7 errata-xmlrpc 2022-09-01 15:14:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6313 https://access.redhat.com/errata/RHSA-2022:6313

Comment 8 errata-xmlrpc 2022-09-01 15:15:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6314 https://access.redhat.com/errata/RHSA-2022:6314

Comment 9 errata-xmlrpc 2022-09-05 15:29:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:6341 https://access.redhat.com/errata/RHSA-2022:6341

Comment 10 Product Security DevOps Team 2022-09-06 08:45:11 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2735