stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2010-2496 | Issue Tracking Mailing List Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-10-18T12:12:42
Updated: 2021-10-18T12:12:42
Reserved: 2010-06-28T00:00:00
Link: CVE-2010-2496
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-10-18T13:15:08.927
Modified: 2021-10-21T22:49:14.483
Link: CVE-2010-2496
JSON object: View
Redhat Information
No data.
CWE