Wind River Support Network

HomeDefectsLIN1019-5632
Fixed

LIN1019-5632 : Security Advisory - pacemaker - CVE-2020-25654

Created: Nov 11, 2020    Updated: Dec 9, 2020
Resolved Date: Nov 22, 2020
Found In Version: 10.19.45.1
Fix Version: 10.19.45.14
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace

Description

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

https://nvd.nist.gov/vuln/detail/CVE-2020-25654

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube