CVE-2016-7797

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
clusterlabspacemaker
𝑥
≤ 1.1.14
opensuseleap
42.2
opensuse_projectleap
42.1
redhatenterprise_linux_high_availability
7.0
redhatenterprise_linux_resilient_storage
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pacemaker
bookworm
2.1.5-1+deb12u1
fixed
bullseye
2.0.5-2
fixed
sid
2.1.8-1
fixed
trixie
2.1.8-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pacemaker
artful
not-affected
precise
ignored
trusty
dne
xenial
Fixed 1.1.14-2ubuntu1.2
released
yakkety
not-affected
zesty
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
pacemaker
RHEL 7
0:1.1.15-11.el7
fixed
pacemaker-cli
RHEL 7
0:1.1.15-11.el7
fixed
pacemaker-cluster-libs
RHEL 7
0:1.1.15-11.el7
fixed
pacemaker-cts
RHEL 7
0:1.1.15-11.el7
fixed
pacemaker-doc
RHEL 7
0:1.1.15-11.el7
fixed
pacemaker-libs
RHEL 7
0:1.1.15-11.el7
fixed
pacemaker-libs-devel
RHEL 7
0:1.1.15-11.el7
fixed
pacemaker-nagios-plugins-metadata
RHEL 7
0:1.1.15-11.el7
fixed
pacemaker-remote
RHEL 7
0:1.1.15-11.el7
fixed
Common Weakness Enumeration
References
http://bugs.clusterlabs.org/show_bug.cgi?id=5269
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00001.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00077.html
http://rhn.redhat.com/errata/RHSA-2016-2578.html
http://www.openwall.com/lists/oss-security/2016/10/01/1
http://www.securityfocus.com/bid/93261
https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410
http://bugs.clusterlabs.org/show_bug.cgi?id=5269
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00001.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00077.html
http://rhn.redhat.com/errata/RHSA-2016-2578.html
http://www.openwall.com/lists/oss-security/2016/10/01/1
http://www.securityfocus.com/bid/93261
https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410