CVE-2018-16878

Published: 18/04/2019 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

Vulnerable Product	Search on Vulmon	Subscribe to Product
clusterlabs pacemaker
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
canonical ubuntu linux 19.04
fedoraproject fedora 28
fedoraproject fedora 29
fedoraproject fedora 30
debian debian linux 9.0
opensuse leap 42.3
opensuse leap 15.0
redhat enterprise linux 8.0
redhat enterprise linux eus 8.1
redhat enterprise linux eus 8.2
redhat enterprise linux aus 8.2
redhat enterprise linux tus 8.2
redhat enterprise linux aus 8.4
redhat enterprise linux tus 8.4
redhat enterprise linux eus 8.4
redhat enterprise linux eus 8.6
redhat enterprise linux tus 8.6
redhat enterprise linux aus 8.6

Synopsis Important: pacemaker security and bug fix update Type/Severity Security Advisory: Important Topic An update for pacemaker is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: pacemaker security update Type/Severity Security Advisory: Important Topic An update for pacemaker is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...

Several security issues were fixed in Pacemaker ...

Debian Bug report logs - #927714 CVE-2019-3885 CVE-2018-16877 CVE-2018-16878 Package: src:pacemaker; Maintainer for src:pacemaker is Debian HA Maintainers <debian-ha-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 21 Apr 2019 20:30:01 UTC Severity: grave Tags: securit ...

A flaw was found in pacemaker An insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878) A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs (CVE-2019-3885) A flaw was found in the way pacemaker's client-server authenti ...

Hello all, Jan PokornÃ½ from Red Hat has discovered 3 security issues with the pacemaker package Details and proposed patches are available in this email Proposed unembargo date/time is: 10th April, 10:00 UTC 1 CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc: A fla ...

CWE-400 https://github.com/ClusterLabs/pacemaker/pull/1749 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16878 http://www.securityfocus.com/bid/108039 https://usn.ubuntu.com/3952-1/https://security.gentoo.org/glsa/202309-09 https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html https://access.redhat.com/errata/RHSA-2019:1278 https://access.redhat.com/errata/RHSA-2019:1279 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/https://access.redhat.com/errata/RHSA-2019:1279 https://nvd.nist.gov https://usn.ubuntu.com/3952-1/

CVE-2018-16878

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect