CVE-2016-7035

Priority
Description
An authorization flaw was found in Pacemaker before 1.1.16, where it did
not properly guard its IPC interface. An attacker with an unprivileged
account on a Pacemaker node could use this flaw to, for example, force the
Local Resource Manager daemon to execute a script as root and thereby gain
root access on the machine.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (1.1.15-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.1.10+git20130802-1ubuntu2.4])
Ubuntu 16.04 LTS (Xenial Xerus):released (1.1.14-2ubuntu1.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.1.16-1ubuntu1)
Patches:
Upstream:https://github.com/ClusterLabs/pacemaker/commit/5d71e65049
More Information

Updated: 2019-12-05 18:46:08 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)