Bug 1177916 - (CVE-2020-25654) VUL-0: CVE-2020-25654: pacemaker: ACL restrictions bypass
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Yan Gao
Security Team bot
https://smash.suse.de/issue/269715/
CVSSv3.1:SUSE:CVE-2020-25654:7.2:(AV:...
Reported: 2020-10-20 07:21 UTC by Wolfgang Frisch
Modified: 2022-04-28 13:05 UTC (History)
abergmann: needinfo? (ygao)


Comment 6 Wolfgang Frisch 2020-10-27 11:28:36 UTC
via oss-security:

Hi All,

Pacemaker is a high-availability cluster manager comprising multiple
daemon processes that interact with each other and with user requests
via IPC.

Users must either be root or in the haclient group to access Pacemaker
daemon IPC.

One of these daemons, pacemaker-based, manages the Pacemaker
configuration, known as the Cluster Information Base (CIB). Pacemaker
may be built with support for Access Control Lists (ACLs) in which case
pacemaker-based applies configured ACLs when processing user requests to
read or write any part of the configuration.

When ACLs are not in use, any user in the haclient group has full
access to the configuration, which effectively gives them the ability
to run any code as root. (This is intentional, as the point of a
cluster manager is to run arbitrary services.)

When ACLs are in use, users still must be in the haclient group, but
their read and write access to various parts of the configuration is
limited by configured ACLs.

The vulnerability is that users may use IPC communication with the
various daemons directly to perform certain tasks that they would be
prevented by ACLs from doing if they went through the configuration.
This is not difficult; Pacemaker provides command-line tools to send
many types of IPC requests.


More details along with patches are available at:
https://bugzilla.redhat.com/show_bug.cgi?id=1888191


-- 
Huzaifa Sidhpurwala / Red Hat Product Security
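
An added audit example (not part of the original report and not Pacemaker code) for gauging exposure to the issue described in Comment 6: it reads a CIB and an `/etc/group` file and lists the `haclient` accounts for which ACLs are the only restriction. The CIB and group contents are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the bug report).
SAMPLE_CIB = """<cib><configuration>
  <crm_config><cluster_property_set id="cib-bootstrap-options">
    <nvpair id="opt-acl" name="enable-acl" value="true"/>
  </cluster_property_set></crm_config>
  <acls>
    <acl_role id="monitor">
      <acl_permission id="monitor-read" kind="read" xpath="/cib"/>
    </acl_role>
    <acl_target id="alice"><role id="monitor"/></acl_target>
  </acls>
</configuration></cib>"""
SAMPLE_GROUP = "root:x:0:\nhaclient:x:90:hacluster,alice,bob\nusers:x:100:alice\n"

UNRESTRICTED = {"root", "hacluster"}  # ACLs never constrain these accounts
TRUE_VALUES = {"true", "on", "yes", "y", "1"}  # Pacemaker boolean spellings

def acls_enabled(cib_root):
    """True if the enable-acl cluster property is set to a true value."""
    nv = cib_root.find(".//crm_config//nvpair[@name='enable-acl']")
    # A missing property means the default, which is false.
    return nv is not None and nv.get("value", "").strip().lower() in TRUE_VALUES

def haclient_members(group_text, group="haclient"):
    """Supplementary members of the group from /etc/group-style text.
    Accounts whose primary group is haclient are not listed there."""
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == group:
            return {u for u in fields[3].split(",") if u}
    return set()

def audit(cib_xml, group_text):
    """Classify haclient accounts by how much the cluster relies on ACLs."""
    root = ET.fromstring(cib_xml)
    enabled = acls_enabled(root)
    targets = {t.get("name") or t.get("id") for t in root.iterfind(".//acls/acl_target")}
    limited = haclient_members(group_text) - UNRESTRICTED
    return {
        "acls_enabled": enabled,
        # Accounts restricted only by ACLs, which direct daemon IPC did not enforce.
        "relying_on_acls": sorted(limited) if enabled else [],
        "no_acl_entry": sorted(limited - targets) if enabled else [],
        "full_access_by_design": [] if enabled else sorted(limited),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CIB, SAMPLE_GROUP))
```

On a cluster node the inputs would be the output of `cibadmin --query` and the contents of `/etc/group`.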
Comment 8 Swamp Workflow Management 2020-10-27 20:14:14 UTC
SUSE-SU-2020:3054-1: An update that solves one vulnerability, contains three features and has three fixes is now available.

Category: security (important)
Bug References: 1167171,1173668,1175557,1177916
CVE References: CVE-2020-25654
JIRA References: ECO-1611,SLE-12239,SLE-12240
Sources used:
SUSE Linux Enterprise High Availability 15-SP2 (src):    pacemaker-2.0.4+20200616.2deceaa3a-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2020-10-28 20:18:20 UTC
SUSE-SU-2020:3073-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1167171,1173668,1175557,1177916
CVE References: CVE-2020-25654
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 15-SP1 (src):    pacemaker-2.0.1+20190417.13d370ca9-3.15.1

Comment 11 Swamp Workflow Management 2020-10-29 14:30:36 UTC
SUSE-SU-2020:3080-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1167171,1173668,1175557,1177916
CVE References: CVE-2020-25654
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 15 (src):    pacemaker-1.1.18+20180430.b12c320f5-3.27.1

Comment 12 Swamp Workflow Management 2020-10-29 17:16:33 UTC
SUSE-SU-2020:3086-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1167171,1173668,1175557,1177916
CVE References: CVE-2020-25654
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    pacemaker-1.1.23+20200622.28dd98fad-3.9.2
SUSE Linux Enterprise High Availability 12-SP5 (src):    pacemaker-1.1.23+20200622.28dd98fad-3.9.2

Comment 13 Swamp Workflow Management 2020-10-29 17:17:46 UTC
SUSE-SU-2020:3089-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1167171,1173668,1175557,1177916
CVE References: CVE-2020-25654
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP4 (src):    pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1

Comment 14 Swamp Workflow Management 2020-10-29 20:21:20 UTC
SUSE-SU-2020:3094-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1167171,1173668,1175557,1177916
CVE References: CVE-2020-25654
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP3 (src):    pacemaker-1.1.16-6.23.1

Comment 15 Swamp Workflow Management 2020-10-31 05:17:49 UTC
openSUSE-SU-2020:1782-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1167171,1173668,1175557,1177916
CVE References: CVE-2020-25654
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    pacemaker-2.0.4+20200616.2deceaa3a-lp152.2.3.1
Comment 16 Swamp Workflow Management 2020-11-04 05:14:56 UTC
openSUSE-SU-2020:1825-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1167171,1173668,1175557,1177916
CVE References: CVE-2020-25654
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    pacemaker-2.0.1+20190417.13d370ca9-lp151.2.16.4
Comment 17 OBSbugzilla Bot 2020-12-07 09:40:08 UTC
This is an autogenerated message for OBS integration:
This bug (1177916) was mentioned in
https://build.opensuse.org/request/show/853534 Factory / pacemaker