Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-7035

Опубликовано: 10 сент. 2018
Источник: nvd
CVSS3: 8.8
CVSS3: 7.8
CVSS2: 7.2
EPSS Низкий

Описание

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:clusterlabs:pacemaker:*:*:*:*:*:*:*:*
Версия до 1.1.16 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

EPSS

Процентиль: 29%
0.00103
Низкий

8.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-285
CWE-285

Связанные уязвимости

ubuntu логотип

CVE-2016-7035

CVSS3: 8.8
ubuntu
больше 7 лет назад

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

redhat логотип

CVE-2016-7035

CVSS3: 8.8
redhat
больше 9 лет назад

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

debian логотип

CVE-2016-7035

CVSS3: 8.8
debian
больше 7 лет назад

An authorization flaw was found in Pacemaker before 1.1.16, where it d ...

github логотип

GHSA-5wmv-gcg2-v47h

CVSS3: 7.8
github
больше 3 лет назад

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

suse-cvrf логотип

openSUSE-SU-2016:3101-1

suse-cvrf
около 9 лет назад

Security update for pacemaker

EPSS

Процентиль: 29%
0.00103
Низкий

8.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-285
CWE-285