[ClusterLabs] Pacemaker security issues discovered and patched

Ken Gaillot kgaillot at redhat.com
Wed Apr 17 13:09:06 EDT 2019


Hello all,

Jan Pokorný of Red Hat discovered three security-related issues in
Pacemaker that have been publicly disclosed today.

The most significant is a privilege escalation vulnerability (assigned
CVE-2018-16877). An unprivileged attacker with local access to a
pacemaker node when pacemaker is not running can create a process
pretending to be a pacemaker subdaemon. When pacemaker starts, it will
accept the impostor as valid, and the impostor can then craft messages
to manipulate other pacemaker subdaemons into performing commands as
root.

The other two are less significant. A local attacker can exploit the
same vulnerability for denial-of-service (assigned CVE-2018-16878). An
unrelated use-after-free bug in the alerts code (assigned
CVE-2019-3885) could expose environment variables in the pacemaker log,
resulting in information disclosure of sensitive information kept in
environment variables to local users with permissions to access the
pacemaker log but not wherever the environment variables are set.

Pull requests patching these vulnerabilities for the master and 1.1
branches of pacemaker will be merged shortly:

https://github.com/ClusterLabs/pacemaker/pull/1749

https://github.com/ClusterLabs/pacemaker/pull/1750

Without the patches, a mitigation is to prevent local user access to
cluster nodes except for cluster administrators (which is the
recommended and most common deployment model).

Due to the stricter authentication now imposed, a new requirement
(unlikely to be of interest to most users) is that the hacluster user
and haclient group must exist before running the executor and fencer
regression tests.
-- 
Ken Gaillot <kgaillot at redhat.com>


