DSA-4791-1 pacemaker -- pacemaker
ID: oval:org.secpod.oval:def:67876 | Date: (C)2020-12-18 (M)2023-10-05 |
Class: PATCH | Family: unix |
Ken Gaillot discovered a vulnerability in the Pacemaker cluster resource manager: if ACLs were configured for users in the "haclient" group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with root privileges. If the "enable-acl" cluster option isn't enabled, members of the "haclient" group can modify Pacemaker's Cluster Information Base without restriction, which already gives them these capabilities, so there is no additional exposure in such a setup.