{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2018-16877", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-05T10:32:54.207Z", "dateReserved": "2018-09-11T00:00:00", "datePublished": "2019-04-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-29T10:06:20.138691"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation."}], "affected": [{"vendor": "ClusterLabs", "product": "pacemaker", "versions": [{"version": "affects up to and including Pacemaker-2.0.0", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16877"}, {"url": "https://github.com/ClusterLabs/pacemaker/pull/1749"}, {"name": "USN-3952-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/3952-1/"}, {"name": "108042", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/108042"}, {"name": "FEDORA-2019-e4c8de3fb7", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/"}, {"name": "FEDORA-2019-e71f6f36ac", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/"}, {"name": "FEDORA-2019-b502250ba4", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/"}, {"name": "openSUSE-SU-2019:1342", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html"}, {"name": "openSUSE-SU-2019:1400", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html"}, {"name": "RHSA-2019:1278", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1278"}, {"name": "RHSA-2019:1279", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1279"}, {"name": "[debian-lts-announce] 20210106 [SECURITY] [DLA 2519-1] pacemaker security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html"}, {"name": "GLSA-202309-09", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-09"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-287", "cweId": "CWE-287"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:32:54.207Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16877", "tags": ["x_transferred"]}, {"url": "https://github.com/ClusterLabs/pacemaker/pull/1749", "tags": ["x_transferred"]}, {"name": "USN-3952-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/3952-1/"}, {"name": "108042", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/108042"}, {"name": "FEDORA-2019-e4c8de3fb7", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/"}, {"name": "FEDORA-2019-e71f6f36ac", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/"}, {"name": "FEDORA-2019-b502250ba4", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/"}, {"name": "openSUSE-SU-2019:1342", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html"}, {"name": "openSUSE-SU-2019:1400", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html"}, {"name": "RHSA-2019:1278", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1278"}, {"name": "RHSA-2019:1279", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1279"}, {"name": "[debian-lts-announce] 20210106 [SECURITY] [DLA 2519-1] pacemaker security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html"}, {"name": "GLSA-202309-09", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-09"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clusterlabs:pacemaker:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9669517-04A1-4A9B-9146-03427B3EE78B", "versionEndIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en la forma en que se implement\u00f3 la autenticaci\u00f3n cliente-servidor del software Pacemaker, en versiones hasta la 2.0.0 inclusive. Un atacante local podr\u00eda utilizar este fallo, y combinarlo con otras debilidades del IPC, para lograr una escalada de privilegios locales."}], "id": "CVE-2018-16877", "lastModified": "2023-11-07T02:53:57.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-18T18:29:00.297", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/108042"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1278"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1279"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16877"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ClusterLabs/pacemaker/pull/1749"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-09"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3952-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Jan Pokorn\u00fd (Red Hat).", "affected_release": [{"advisory": "RHSA-2019:1278", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "pacemaker-0:1.1.19-8.el7_6.5", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-05-27T00:00:00Z"}, {"advisory": "RHSA-2019:1279", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pacemaker-0:2.0.1-4.el8_0.3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-27T00:00:00Z"}], "bugzilla": {"description": "pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc", "id": "1652646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652646"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-287", "details": ["A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.", "A flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation."], "name": "CVE-2018-16877", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "pacemaker", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Will not fix", "package_name": "pacemaker", "product_name": "Red Hat Storage 3"}], "public_date": "2019-04-17T04:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-16877\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16877"], "statement": "This is essentially a design level security flaw which can be combined with other flaws to achieve local privilege escalation for clusters running pacemaker. The attacker needs to have access to the cluster node running pacemaker (AV:L). The attacker can use easily use the design flaw via the confused deputy problem to run the exploit (AC:L), also needs to have login access to the pacemaker node to run the exploit (PR:L). \nDue to the elevated privileges obtained, there is an impact to the system beyond the pacemaker node itself (S:C). Lastly due to the attacker's ability to run arbitrary code as root, confidentiality, integrity, and availability of the system is affected. (CIA:H)", "threat_severity": "Important", "upstream_fix": "pacemaker 2.0.2-rc1"}