ID CVE-2013-0281
Summary Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clusterlabs:pacemaker:1.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:clusterlabs:pacemaker:1.1.10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1011618
title Slave roles inconsistent in pcs status xml (or crm_mon)
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment pacemaker is earlier than 0:1.1.10-14.el6
        oval oval:com.redhat.rhsa:tst:20131635005
      • comment pacemaker is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635006
    • AND
      • comment pacemaker-cli is earlier than 0:1.1.10-14.el6
        oval oval:com.redhat.rhsa:tst:20131635013
      • comment pacemaker-cli is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635014
    • AND
      • comment pacemaker-cluster-libs is earlier than 0:1.1.10-14.el6
        oval oval:com.redhat.rhsa:tst:20131635015
      • comment pacemaker-cluster-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635016
    • AND
      • comment pacemaker-cts is earlier than 0:1.1.10-14.el6
        oval oval:com.redhat.rhsa:tst:20131635017
      • comment pacemaker-cts is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635018
    • AND
      • comment pacemaker-doc is earlier than 0:1.1.10-14.el6
        oval oval:com.redhat.rhsa:tst:20131635011
      • comment pacemaker-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635012
    • AND
      • comment pacemaker-libs is earlier than 0:1.1.10-14.el6
        oval oval:com.redhat.rhsa:tst:20131635007
      • comment pacemaker-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635008
    • AND
      • comment pacemaker-libs-devel is earlier than 0:1.1.10-14.el6
        oval oval:com.redhat.rhsa:tst:20131635009
      • comment pacemaker-libs-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635010
    • AND
      • comment pacemaker-remote is earlier than 0:1.1.10-14.el6
        oval oval:com.redhat.rhsa:tst:20131635019
      • comment pacemaker-remote is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635020
rhsa
id RHSA-2013:1635
released 2013-11-21
severity Low
title RHSA-2013:1635: pacemaker security, bug fix, and enhancement update (Low)
rpms
  • pacemaker-0:1.1.10-14.el6
  • pacemaker-cli-0:1.1.10-14.el6
  • pacemaker-cluster-libs-0:1.1.10-14.el6
  • pacemaker-cts-0:1.1.10-14.el6
  • pacemaker-doc-0:1.1.10-14.el6
  • pacemaker-libs-0:1.1.10-14.el6
  • pacemaker-libs-devel-0:1.1.10-14.el6
  • pacemaker-remote-0:1.1.10-14.el6
refmap via4
confirm
Last major update 22-04-2019 - 17:48
Published 23-11-2013 - 11:55
Back to Top