Published: 18/04/2019 Updated: 07/11/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clusterlabs pacemaker
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
canonical ubuntu linux 19.04
fedoraproject fedora 28
fedoraproject fedora 29
fedoraproject fedora 30
debian debian linux 9.0
opensuse leap 42.3
opensuse leap 15.0
redhat enterprise linux 8.0
redhat enterprise linux eus 8.1
redhat enterprise linux eus 8.2
redhat enterprise linux server tus 8.2
redhat enterprise linux server aus 8.2
redhat enterprise linux server tus 8.4
redhat enterprise linux eus 8.4
redhat enterprise linux server aus 8.4
redhat enterprise linux server aus 8.6
redhat enterprise linux server tus 8.6
redhat enterprise linux eus 8.6

Debian Bug report logs - #927714 CVE-2019-3885 CVE-2018-16877 CVE-2018-16878 Package: src:pacemaker; Maintainer for src:pacemaker is Debian HA Maintainers <debian-ha-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 21 Apr 2019 20:30:01 UTC Severity: grave Tags: securit ...

Several security issues were fixed in Pacemaker ...

Synopsis Important: pacemaker security update Type/Severity Security Advisory: Important Topic An update for pacemaker is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...

Synopsis Important: pacemaker security and bug fix update Type/Severity Security Advisory: Important Topic An update for pacemaker is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

A flaw was found in pacemaker An insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878) A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs (CVE-2019-3885) A flaw was found in the way pacemaker's client-server authenti ...

Impact: Important Public Date: 2019-04-17 CWE: CWE-287 Bugzilla: 1652646: CVE-2018-16877 pacemaker: Ins ...

NVD-CWE-noinfo https://github.com/ClusterLabs/pacemaker/pull/1749 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16877 https://usn.ubuntu.com/3952-1/http://www.securityfocus.com/bid/108042 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html https://access.redhat.com/errata/RHSA-2019:1279 https://access.redhat.com/errata/RHSA-2019:1278 https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html https://security.gentoo.org/glsa/202309-09 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714 https://usn.ubuntu.com/3952-1/https://nvd.nist.gov

CVE-2018-16877

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect