Bugzilla – Bug 1131356
VUL-0: CVE-2018-16877: pacemaker: Insufficient local IPC client-server authentication on the client's side
Last modified: 2024-05-29 17:02:18 UTC
CVE-2018-16877

1. CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc:

A flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16877
CRD: 2019-04-10 10:00 UTC
Created attachment 802030 [details] High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentic-v8-branch-1.1.patch
(In reply to Karol Babioch from comment #3)
> Created attachment 802030 [details]
> High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentic-v8-branch-1.1.patch

This is the patch for pacemaker 1.1 branch, which can be relatively easily back-ported for the code base of SLE12SP4.

I wonder if the author provided a patch for pacemaker master branch, which is closer to the code base of SLE15. Otherwise we'd have to use the relatively heavily back-ported patch from me:
https://build.suse.de/package/view_file/home:yan_gao:branches:SUSE:SLE-15:Update:Test/pacemaker/bsc%231131353-bsc%231131356-High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentic-v8-branch-1.1.patch
(In reply to Yan Gao from comment #4)
> I wonder if the author provided a patch for pacemaker master branch, which
> is closer to the code base of SLE15. Otherwise we'd have to use the
> relatively heavily back-ported patch from me:
> https://build.suse.de/package/view_file/home:yan_gao:branches:SUSE:SLE-15:Update:Test/pacemaker/bsc%231131353-bsc%231131356-High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentic-v8-branch-1.1.patch

No further patches have been provided. I can ask for it, and/or we just wait until this becomes public. At least in my view this is not uber critical and I'm not even convinced that the embargo makes sense in the first place. But it is what it is.
(In reply to Karol Babioch from comment #3)
> Created attachment 802030 [details]
> High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentic-v8-branch-1.1.patch

The patch seems to have a potential issue. Could you please tell the author there are changes of behavior with the patch? Thanks.

With a running cluster stack:

The old behavior:
1. killall -9 corosync
2. crmd exits and a new crmd gets respawned (NO.2)
3. corosync starts again and new pacemakerd finds the pre-existing crmd (NO.2) and continues working.

With the patch, the new behavior:
1. killall -9 corosync
2. crmd exits and a new crmd(NO.2) gets respawned
3. corosync starts again and new pacemakerd spawns a duplicate crmd which complains:
   Apr 05 15:24:46 node1 crmd[23500]: error: Could not bind AF_UNIX (): Address already in use (98)
   Apr 05 15:24:46 node1 crmd[23500]: error: Could not start crmd IPC server: Address already in use (-98)
4. The duplicate crmd exits, and another new duplicate crmd gets respawned, retries and exits and again ...
5. Eventually crmd(NO.2) fails and exits and a newly respawned crmd starts working.
(In reply to Yan Gao from comment #7)
> The patch seems to have potential issue. Could you please tell the author
> there's changes of behavior with the patch? Thanks.

I've forwarded your findings to the original reporter and the distros list. I will let you know once there has been any feedback.

Best regards,
Karol Babioch
Due to some concerns related to the patchset, the CRD has been moved.

CRD: 2019-04-16 10:00 UTC
CRD: 2019-04-17 10:00
Public now.
SUSE-SU-2019:1047-1: An update that solves three vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1117381,1117934,1128374,1128772,1131353,1131356,1131357
CVE References: CVE-2018-16877,CVE-2018-16878,CVE-2019-3885
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability 12-SP4 (src): pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1108-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1131353,1131356
CVE References: CVE-2018-16877,CVE-2018-16878
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): pacemaker-1.1.16-6.14.1
SUSE Linux Enterprise High Availability 12-SP3 (src): pacemaker-1.1.16-6.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration:
This bug (1131356) was mentioned in
https://build.opensuse.org/request/show/700145 Factory / pacemaker
openSUSE-SU-2019:1342-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1131353,1131356
CVE References: CVE-2018-16877,CVE-2018-16878
Sources used:
openSUSE Leap 42.3 (src): pacemaker-1.1.16-4.12.1
SUSE-SU-2019:1209-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1117381,1131353,1131356,1131357
CVE References: CVE-2018-16877,CVE-2018-16878,CVE-2019-3885
Sources used:
SUSE Linux Enterprise High Availability 15 (src): pacemaker-1.1.18+20180430.b12c320f5-3.9.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1400-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1117381,1131353,1131356,1131357
CVE References: CVE-2018-16877,CVE-2018-16878,CVE-2019-3885
Sources used:
openSUSE Leap 15.0 (src): pacemaker-1.1.18+20180430.b12c320f5-lp150.2.9.1
SUSE-SU-2019:2268-1: An update that solves two vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1032511,1127716,1130122,1131353,1131356,1133866,1135317,1136712,1140519
CVE References: CVE-2018-16877,CVE-2018-16878
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): pacemaker-1.1.19+20181105.ccd6b5b10-3.13.1
SUSE Linux Enterprise High Availability 12-SP4 (src): pacemaker-1.1.19+20181105.ccd6b5b10-3.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2019:2405-1: An update that has 7 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1032511,1127716,1130122,1131353,1131356,1133866,1136712
CVE References:
Sources used:
SUSE Linux Enterprise High Availability 15 (src): pacemaker-1.1.18+20180430.b12c320f5-3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-RU-2019:2214-1: An update that has 7 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1032511,1127716,1130122,1131353,1131356,1133866,1136712
CVE References:
Sources used:
openSUSE Leap 15.0 (src): pacemaker-1.1.18+20180430.b12c320f5-lp150.2.12.1
SUSE-SU-2020:1072-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1131353,1131356
CVE References: CVE-2018-16877,CVE-2018-16878
Sources used:
SUSE Linux Enterprise High Availability 12-SP2 (src): pacemaker-1.1.15-23.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.