CESA-2016:2675 -- centos 6 pacemakerID: oval:org.secpod.oval:def:204036 | Date: (C)2016-11-15 (M)2023-07-28 |
Class: PATCH | Family: unix |
The Pacemaker cluster resource manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure. Security Fix: * An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. This issue was discovered by Jan "poki" Pokorny and Alain Moulle .