Bug 1002767 - (CVE-2016-7797) VUL-0: CVE-2016-7797: pacemaker: PCS remote nodes vulnerable to hijacking, resulting in a DoS attack
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Yan Gao
Security Team bot
https://smash.suse.de/issue/173097/
CVSSv2:RedHat:CVE-2016-7797:7.1:(AV:N...
Reported: 2016-10-04 12:21 UTC by Johannes Segitz
Modified: 2019-07-17 11:42 UTC (History)
Found By: Security Response Team
Description Johannes Segitz 2016-10-04 12:21:04 UTC
rh#1379784

If a corosync node is connected to a pacemaker_remote node, the
connection can be trivially killed simply by connecting to the remote on its
standard TCP port (typically 3121):

2016-02-18T18:06:45.258661+00:00 d52-54-77-77-77-01 crmd[2637]:    error: Unexpected pacemaker_remote client takeover. Disconnecting

Takeover is allowed in order to support migration of the remote primitive from
one corosync node to another, but since this is a trivial denial of service
attack, it should only be allowed once a valid authkey is provided.

Upstream bug: http://bugs.clusterlabs.org/show_bug.cgi?id=5269

Upstream fix: https://github.com/ClusterLabs/pacemaker/commit/5ec24a26

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1379784
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7797
http://seclists.org/oss-sec/2016/q3/685
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7797.html
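
A log-side check for the symptom quoted in the description, added here as an example and not taken from the bug report or from pacemaker: it scans syslog lines for the crmd takeover error and flags hosts that log it repeatedly within a short window. The 5-minute window, the threshold of 3, and the sample host names, PIDs and times are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message text and syslog layout follow the line quoted in the bug description.
TAKEOVER = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+crmd\[\d+\]:\s+error:\s+"
                      r"Unexpected pacemaker_remote client takeover\. Disconnecting")

def find_takeovers(lines):
    """Return sorted (timestamp, host) pairs for every takeover error."""
    events = []
    for line in lines:
        m = TAKEOVER.match(line)
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group("ts"))
        except ValueError:
            continue  # unparseable timestamp: skip rather than guess
        if ts.tzinfo is not None:  # keep only offset-aware stamps so they compare
            events.append((ts, m.group("host")))
    return sorted(events)

def flag_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Return {host: peak count} for hosts with >= threshold takeovers in any window."""
    by_host = defaultdict(list)
    for ts, host in events:
        by_host[host].append(ts)
    flagged = {}
    for host, stamps in by_host.items():
        start = peak = 0
        for end, ts in enumerate(stamps):
            # Slide the left edge until the span fits inside the window.
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[host] = peak
    return flagged

# Constructed sample input: host names, PIDs and times are made up.
MSG = "error: Unexpected pacemaker_remote client takeover. Disconnecting"
SAMPLE = [
    f"2016-02-18T18:06:45.258661+00:00 node-a crmd[2637]:    {MSG}",
    f"2016-02-18T18:07:10.000000+00:00 node-a crmd[2637]:    {MSG}",
    f"2016-02-18T18:08:02.500000+00:00 node-a crmd[2637]:    {MSG}",
    "2016-02-18T18:08:30.000000+00:00 node-a crmd[2637]:   notice: unrelated line",
    f"2016-02-18T21:15:00.000000+00:00 node-b crmd[1811]:    {MSG}",
]
```

Calling `flag_bursts(find_takeovers(SAMPLE))` reports `node-a` with three takeovers inside five minutes, while the single event on `node-b` stays below the threshold.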
Comment 1 Yan Gao 2016-10-04 12:47:56 UTC
It was me who fixed the issue actually ;)

The fix has been submitted for our products. See also:
https://bugzilla.suse.com/show_bug.cgi?id=967388

But yes, it makes sense to mark it out with the CVE number in the changelogs.
Comment 3 Swamp Workflow Management 2016-11-22 14:04:01 UTC
SUSE-SU-2016:2869-1: An update that solves two vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1000743,1002767,1003565,1007433,967388,986644,987348
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    pacemaker-1.1.15-21.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    pacemaker-1.1.15-21.1
Comment 4 Swamp Workflow Management 2016-12-01 17:13:35 UTC
openSUSE-SU-2016:2965-1: An update that solves two vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1000743,1002767,1003565,1007433,967388,986644,987348
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
openSUSE Leap 42.2 (src):    pacemaker-1.1.15-5.1
Comment 5 Swamp Workflow Management 2016-12-02 15:12:15 UTC
SUSE-SU-2016:2974-1: An update that solves two vulnerabilities and has 7 fixes is now available.

Category: security (moderate)
Bug References: 1000743,1002767,1003565,1007433,1009076,967388,986644,987348,995365
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    pacemaker-1.1.13-20.1
SUSE Linux Enterprise High Availability 12-SP1 (src):    pacemaker-1.1.13-20.1
Comment 6 Swamp Workflow Management 2016-12-12 18:15:14 UTC
openSUSE-SU-2016:3101-1: An update that solves two vulnerabilities and has 7 fixes is now available.

Category: security (moderate)
Bug References: 1000743,1002767,1003565,1007433,1009076,967388,986644,987348,995365
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
openSUSE Leap 42.1 (src):    pacemaker-1.1.13-23.2
Comment 7 Swamp Workflow Management 2016-12-15 17:08:43 UTC
SUSE-SU-2016:3162-1: An update that solves two vulnerabilities and has 23 fixes is now available.

Category: security (moderate)
Bug References: 1000743,1002767,1003565,1007433,1009076,953192,970733,971129,972187,974108,975079,976271,976865,977258,977675,977800,981489,981731,986056,986201,986265,986644,986676,986931,987348
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
SUSE Linux Enterprise High Availability Extension 11-SP4 (src):    pacemaker-1.1.12-18.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    pacemaker-1.1.12-18.1
Comment 10 Yan Gao 2019-07-17 11:42:24 UTC
Fix has been included in all the releases that are under general maintenance and LTSS. Closing this.