CVE-2016-7035
NONE EPSS 31.5%
Published Sep 10, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
Threat Intelligence
EPSS Exploit Probability
31.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-285
Affected Products 7
References 8
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-2614.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-2675.html
- openwall.com http://www.openwall.com/lists/oss-security/2016/11/03/5
- securityfocus.com http://www.securityfocus.com/bid/94214
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7035
- github.com https://github.com/ClusterLabs/pacemaker/commit/5d71e65049
- lists.clusterlabs.org https://lists.clusterlabs.org/pipermail/users/2016-November/004432.html
- security.gentoo.org https://security.gentoo.org/glsa/201710-08
Remediation
No remediation data recorded yet.
Check vendor advisories and the NVD entry for patch availability.