oss-sec mailing list archives
pcs: disclosure of CVE-2018-1079 and CVE-2018-1086
From: Cedric Buissart <cbuissar () redhat com>
Date: Mon, 9 Apr 2018 13:28:08 +0200
Hi all,

This is to publicly disclose the following CVEs, rated as Medium and High.
Affected product is pcs (Pacemaker command line interface and GUI, https://github.com/ClusterLabs/pcs)

* [high] CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call

It was found that the REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.

vulnerable since: support for booth file transfer was added (commit dc7089b1, v. 0.9.157)

Patch attached

* [medium] CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure:

To prevent some information disclosure, pcsd actively removes '--debug' from command requested over the REST interface, but this can be bypassed. The information gained could then be used to gain higher privileges.

Patch attached

The CVE-2018-1079 issue was discovered by Ondrej Mular (Red Hat) and the CVE-2018-1086 issue was discovered by Cedric Buissart (Red Hat).

--
Cedric Buissart, Product Security
Attachment: CVE-2018-1079.patch
Attachment: CVE-2018-1086.patch
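
Added example, not part of the original message, not pcsd code and not the attached patch: for the class of bug described under CVE-2018-1079, a Ruby example that places an unsanitized file-name join beside a hardened check that keeps writes inside the base directory. The names BOOTH_DIR, unsafe_target, safe_target and check are hypothetical, the join in unsafe_target is an assumed illustration of "not properly sanitized", and the sample file names are constructed.

```ruby
# Hypothetical names throughout; this is not pcsd code or the attached patch.
BOOTH_DIR = '/etc/booth'

# Assumed illustration of the unsanitized pattern: the client-supplied name
# is joined to the base directory and resolved as-is.
def unsafe_target(name)
  File.expand_path(File.join(BOOTH_DIR, name))
end

# Hardened form: accept one plain file name from an allowlist of characters,
# then confirm the resolved path is a direct child of the base directory.
def safe_target(name, base = BOOTH_DIR)
  raise ArgumentError, 'file name must be a string' unless name.is_a?(String)
  raise ArgumentError, 'reserved name' if ['.', '..'].include?(name)
  # \A and \z anchor the whole string. Ruby's ^ and $ anchor per line, so a
  # name containing a newline could slip past a ^...$ pattern.
  unless name.match?(/\A[A-Za-z0-9._-]+\z/)
    raise ArgumentError, 'unexpected characters in file name'
  end
  root = File.expand_path(base)
  target = File.expand_path(name, root)
  # Lexical containment check. It does not follow symlinks, so the base
  # directory itself must not contain attacker-controlled symlinks.
  raise ArgumentError, 'escapes base directory' unless File.dirname(target) == root
  target
end

# Wrapper that reports a rejection instead of raising, for demonstration.
def check(name)
  safe_target(name)
rescue ArgumentError => e
  "rejected: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ['booth.conf', '../outside.conf', "booth.conf\n../outside.conf", '..'].each do |n|
    puts "#{n.inspect}: unsafe=#{unsafe_target(n).inspect} safe=#{check(n).inspect}"
  end
end
```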