CVE-2020-25654

Published: 24/11/2020 Updated: 29/09/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

Vulnerable Product

clusterlabs pacemaker 2.0.5

clusterlabs pacemaker

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #973254 pacemaker: CVE-2020-25654. Package: src:pacemaker; Maintainer for src:pacemaker is Debian HA Maintainers <debian-ha-maintainers@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 27 Oct 2020 22:21:02 UTC; Severity: grave; Tags: patch, security, ups ...
Synopsis: Moderate: pacemaker security update. Type/Severity: Security Advisory: Moderate. Topic: An update for pacemaker is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin ...
Synopsis: Moderate: pacemaker security update. Type/Severity: Security Advisory: Moderate. Topic: An update for pacemaker is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis: Moderate: pacemaker security update. Type/Severity: Security Advisory: Moderate. Topic: An update for pacemaker is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score ...
Ken Gaillot discovered a vulnerability in the Pacemaker cluster resource manager: If ACLs were configured for users in the haclient group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with root privileges. If the enable-acl cluster option isn't enabled, members of the ...
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration (CVE-2020-25654) ...

Mailing Lists

oss-sec mailing list archives: CVE-2020-25654 pacemaker: ACL restrictions bypass. From: Huzaifa Sidhpur ...