ID CVE-2016-7797
Summary Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
References
Vulnerable Configurations
  • cpe:2.3:a:clusterlabs:pacemaker:1.1.14
  • cpe:2.3:o:suse:linux_enterprise_high_availability:12:sp2
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2
  • cpe:2.3:o:opensuse_project:leap:42.1
  • OpenSUSE Project Leap 42.2
    cpe:2.3:o:opensuse_project:leap:42.2
  • cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0
  • cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0
CVSS
Base: 5.0 (as of 27-03-2017 - 22:55)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
redhat via4
advisories
bugzilla
id 1379784
title CVE-2016-7797 pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment pacemaker is earlier than 0:1.1.15-11.el7
        oval oval:com.redhat.rhsa:tst:20162578007
      • comment pacemaker is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635006
    • AND
      • comment pacemaker-cli is earlier than 0:1.1.15-11.el7
        oval oval:com.redhat.rhsa:tst:20162578015
      • comment pacemaker-cli is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635014
    • AND
      • comment pacemaker-cluster-libs is earlier than 0:1.1.15-11.el7
        oval oval:com.redhat.rhsa:tst:20162578005
      • comment pacemaker-cluster-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635016
    • AND
      • comment pacemaker-cts is earlier than 0:1.1.15-11.el7
        oval oval:com.redhat.rhsa:tst:20162578011
      • comment pacemaker-cts is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635018
    • AND
      • comment pacemaker-doc is earlier than 0:1.1.15-11.el7
        oval oval:com.redhat.rhsa:tst:20162578021
      • comment pacemaker-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635012
    • AND
      • comment pacemaker-libs is earlier than 0:1.1.15-11.el7
        oval oval:com.redhat.rhsa:tst:20162578017
      • comment pacemaker-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635008
    • AND
      • comment pacemaker-libs-devel is earlier than 0:1.1.15-11.el7
        oval oval:com.redhat.rhsa:tst:20162578009
      • comment pacemaker-libs-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635010
    • AND
      • comment pacemaker-nagios-plugins-metadata is earlier than 0:1.1.15-11.el7
        oval oval:com.redhat.rhsa:tst:20162578019
      • comment pacemaker-nagios-plugins-metadata is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152383010
    • AND
      • comment pacemaker-remote is earlier than 0:1.1.15-11.el7
        oval oval:com.redhat.rhsa:tst:20162578013
      • comment pacemaker-remote is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131635020
rhsa
id RHSA-2016:2578
released 2016-11-03
severity Moderate
title RHSA-2016:2578: pacemaker security, bug fix, and enhancement update (Moderate)
rpms
  • pacemaker-0:1.1.15-11.el7
  • pacemaker-cli-0:1.1.15-11.el7
  • pacemaker-cluster-libs-0:1.1.15-11.el7
  • pacemaker-cts-0:1.1.15-11.el7
  • pacemaker-doc-0:1.1.15-11.el7
  • pacemaker-libs-0:1.1.15-11.el7
  • pacemaker-libs-devel-0:1.1.15-11.el7
  • pacemaker-nagios-plugins-metadata-0:1.1.15-11.el7
  • pacemaker-remote-0:1.1.15-11.el7
refmap via4
bid 93261
confirm
mlist [oss-security] 20160930 Re: CVE request: pacemaker DoS when pacemaker remote is in use
suse
  • SUSE-SU-2016:2869
  • openSUSE-SU-2016:2965
  • openSUSE-SU-2016:3101
Last major update 28-03-2017 - 10:14
Published 24-03-2017 - 11:59