Bugzilla – Bug 1002767
VUL-0: CVE-2016-7797: pacemaker: PCS remote nodes vulnerable to hijacking, resulting in a DoS attack
Last modified: 2019-07-17 11:42:24 UTC
rh#1379784

If a corosync node is connected to a pacemaker_remote node, the connection can be trivially killed simply by connecting to the remote on its standard TCP port (typically 3121):

2016-02-18T18:06:45.258661+00:00 d52-54-77-77-77-01 crmd[2637]: error: Unexpected pacemaker_remote client takeover. Disconnecting

Takeover is allowed in order to support migration of the remote primitive from one corosync node to another, but since this is a trivial denial of service attack, it should only be allowed once a valid authkey is provided.

Upstream bug: http://bugs.clusterlabs.org/show_bug.cgi?id=5269
Upstream fix: https://github.com/ClusterLabs/pacemaker/commit/5ec24a26

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1379784
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7797
http://seclists.org/oss-sec/2016/q3/685
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7797.html
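
A log check for the takeover message quoted in the report above, as an added example that is not part of the original bug thread or of Pacemaker's code: it extracts the crmd takeover errors from syslog lines and flags hosts that log several within a short window. The threshold, the window and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message text taken from the crmd log line quoted in the report.
TAKEOVER = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+crmd\[\d+\]:\s+error:\s+"
    r"Unexpected pacemaker_remote client takeover"
)

def find_takeovers(lines):
    """Return (timestamp, host) for each takeover error found in syslog lines."""
    events = []
    for line in lines:
        m = TAKEOVER.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group("ts"))
        except ValueError:
            continue  # timestamp is not ISO 8601; skip rather than guess
        events.append((ts, m.group("host")))
    return events

def repeated_takeovers(events, threshold=3, window=timedelta(minutes=5)):
    """Map host -> total takeovers, for hosts with >= threshold inside one window."""
    by_host = defaultdict(list)
    for ts, host in events:
        by_host[host].append(ts)
    flagged = {}
    for host, stamps in by_host.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged[host] = len(stamps)
                break
    return flagged

# Constructed sample: the first line is from the report, the others are made up.
SAMPLE = [
    "2016-02-18T18:06:45.258661+00:00 d52-54-77-77-77-01 crmd[2637]: error: Unexpected pacemaker_remote client takeover. Disconnecting",
    "2016-02-18T18:07:10.000000+00:00 d52-54-77-77-77-01 crmd[2637]: error: Unexpected pacemaker_remote client takeover. Disconnecting",
    "2016-02-18T18:08:02.000000+00:00 d52-54-77-77-77-01 crmd[2637]: error: Unexpected pacemaker_remote client takeover. Disconnecting",
    "2016-02-18T18:09:00.000000+00:00 d52-54-77-77-77-01 crmd[2637]: notice: State transition S_IDLE -> S_POLICY_ENGINE",
    "2016-02-18T18:30:00.000000+00:00 node-b crmd[901]: error: Unexpected pacemaker_remote client takeover. Disconnecting",
]
```

A single event can be worth reviewing on its own; the window only separates repeated disconnects from an isolated one.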
It was me who fixed the issue actually ;) The fix has been submitted for our products. See also: https://bugzilla.suse.com/show_bug.cgi?id=967388 But yes, it makes sense to mark it out with the CVE number in the changelogs.
Marked out for
SLE12SP2: https://build.suse.de/request/show/123753
SLE12SP1: https://build.suse.de/request/show/123856
SLE11SP4: https://build.suse.de/request/show/123894
SUSE-SU-2016:2869-1: An update that solves two vulnerabilities and has 5 fixes is now available.
Category: security (important)
Bug References: 1000743,1002767,1003565,1007433,967388,986644,987348
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): pacemaker-1.1.15-21.1
SUSE Linux Enterprise High Availability 12-SP2 (src): pacemaker-1.1.15-21.1

openSUSE-SU-2016:2965-1: An update that solves two vulnerabilities and has 5 fixes is now available.
Category: security (important)
Bug References: 1000743,1002767,1003565,1007433,967388,986644,987348
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
openSUSE Leap 42.2 (src): pacemaker-1.1.15-5.1

SUSE-SU-2016:2974-1: An update that solves two vulnerabilities and has 7 fixes is now available.
Category: security (moderate)
Bug References: 1000743,1002767,1003565,1007433,1009076,967388,986644,987348,995365
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): pacemaker-1.1.13-20.1
SUSE Linux Enterprise High Availability 12-SP1 (src): pacemaker-1.1.13-20.1

openSUSE-SU-2016:3101-1: An update that solves two vulnerabilities and has 7 fixes is now available.
Category: security (moderate)
Bug References: 1000743,1002767,1003565,1007433,1009076,967388,986644,987348,995365
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
openSUSE Leap 42.1 (src): pacemaker-1.1.13-23.2

SUSE-SU-2016:3162-1: An update that solves two vulnerabilities and has 23 fixes is now available.
Category: security (moderate)
Bug References: 1000743,1002767,1003565,1007433,1009076,953192,970733,971129,972187,974108,975079,976271,976865,977258,977675,977800,981489,981731,986056,986201,986265,986644,986676,986931,987348
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
SUSE Linux Enterprise High Availability Extension 11-SP4 (src): pacemaker-1.1.12-18.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): pacemaker-1.1.12-18.1
Fix has been included in all the releases that are under general maintenance and LTSS. Closing this.