CVE-2018-16877
First published: Thu Nov 22 2018(Updated: )
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/pacemaker | <2.0.2 | 2.0.2 |
| ubuntu/pacemaker | <1.1.18-0ubuntu1.1 | 1.1.18-0ubuntu1.1 |
| ubuntu/pacemaker | <1.1.18-2ubuntu1.18.10.1 | 1.1.18-2ubuntu1.18.10.1 |
| ubuntu/pacemaker | <1.1.18-2ubuntu1.19.04.1 | 1.1.18-2ubuntu1.19.04.1 |
| ubuntu/pacemaker | <1.1.14-2ubuntu1.6 | 1.1.14-2ubuntu1.6 |
| Clusterlabs Pacemaker | <=2.0.0 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =18.10 | |
| Canonical Ubuntu Linux | =19.04 | |
| Fedoraproject Fedora | =28 | |
| Fedoraproject Fedora | =29 | |
| Fedoraproject Fedora | =30 | |
| Debian Debian Linux | =9.0 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =42.3 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux Eus | =8.1 | |
| Redhat Enterprise Linux Eus | =8.2 | |
| Redhat Enterprise Linux Eus | =8.4 | |
| Redhat Enterprise Linux Eus | =8.6 | |
| Redhat Enterprise Linux Server Aus | =8.2 | |
| Redhat Enterprise Linux Server Aus | =8.4 | |
| Redhat Enterprise Linux Server Aus | =8.6 | |
| Redhat Enterprise Linux Server Tus | =8.2 | |
| Redhat Enterprise Linux Server Tus | =8.4 | |
| Redhat Enterprise Linux Server Tus | =8.6 | |
| <=2.0.0 | ||
| =16.04 | ||
| =18.04 | ||
| =18.10 | ||
| =19.04 | ||
| =28 | ||
| =29 | ||
| =30 | ||
| =9.0 | ||
| =15.0 | ||
| =42.3 | ||
| =8.0 | ||
| =8.1 | ||
| =8.2 | ||
| =8.4 | ||
| =8.6 | ||
| =8.2 | ||
| =8.4 | ||
| =8.6 | ||
| =8.2 | ||
| =8.4 | ||
| =8.6 | ||
| debian/pacemaker | 2.0.1-5+deb10u2 2.0.1-5+deb10u1 2.0.5-2 2.1.5-1+deb12u1 2.1.6-4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/108042
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16877
- https://github.com/ClusterLabs/pacemaker/pull/1749
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/
- https://access.redhat.com/errata/RHSA-2019:1278
- https://access.redhat.com/errata/RHSA-2019:1279
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html
- https://usn.ubuntu.com/3952-1/
- https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html
- https://security.gentoo.org/glsa/202309-09
- https://launchpad.net/bugs/cve/CVE-2018-16877
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/
- https://en.wikipedia.org/wiki/Confused_deputy_problem
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1555734
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1555734&action=edit
- https://access.redhat.com/security/cve/CVE-2018-16877
- https://access.redhat.com/security/cve/CVE-2018-16878
- https://access.redhat.com/security/cve/CVE-2019-3885
- https://www.openwall.com/lists/oss-security/2019/04/17/1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1700737
- https://github.com/ClusterLabs/pacemaker/pull/1749/commits/970736b1c7ad5c78cc5295a4231e546104d55893
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1706306
- https://bugzilla.redhat.com/show_bug.cgi?id=1652646
- https://github.com/ClusterLabs/pacemaker/pull/1750
- https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
- https://security-tracker.debian.org/tracker/CVE-2018-16877
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16877
- https://ubuntu.com/security/notices/USN-3952-1
- https://nvd.nist.gov/vuln/detail/CVE-2018-16877
- https://ubuntu.com/security/CVE-2018-16877
Frequently Asked Questions
What is CVE-2018-16877?
CVE-2018-16877 is a vulnerability in pacemaker's client-server authentication, allowing a local attacker to achieve local privilege escalation.
What is the severity of CVE-2018-16877?
CVE-2018-16877 has a severity rating of 7.8 (high).
Which software versions are affected by CVE-2018-16877?
Versions up to and including 2.0.0 of Clusterlabs Pacemaker, Canonical Ubuntu Linux 16.04, Ubuntu Linux 18.04, Ubuntu Linux 18.10, Ubuntu Linux 19.04, Fedora 28, Fedora 29, Fedora 30, Debian Debian Linux 9.0, openSUSE Leap 15.0, openSUSE Leap 42.3, Redhat Enterprise Linux 8.0, Redhat Enterprise Linux Eus 8.1, Redhat Enterprise Linux Eus 8.2, Redhat Enterprise Linux Eus 8.4, Redhat Enterprise Linux Eus 8.6, Redhat Enterprise Linux Server Aus 8.2, Redhat Enterprise Linux Server Aus 8.4, Redhat Enterprise Linux Server Aus 8.6, Redhat Enterprise Linux Server Tus 8.2, Redhat Enterprise Linux Server Tus 8.4, and Redhat Enterprise Linux Server Tus 8.6 are affected by CVE-2018-16877.
How can a local attacker exploit CVE-2018-16877?
A local attacker can exploit CVE-2018-16877 by combining the pacemaker vulnerability with other inter-process communication weaknesses to escalate their privileges.
How can I fix CVE-2018-16877?
To fix CVE-2018-16877, update pacemaker to version 2.0.2 or later for Red Hat systems, or version 1.1.14-2ubuntu1.6 or later for Ubuntu systems.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-api
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-16877
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- vendor/clusterlabs
- canonical/clusterlabs pacemaker
- version/clusterlabs pacemaker/2.0.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/18.10
- version/canonical ubuntu linux/19.04
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/28
- version/fedoraproject fedora/29
- version/fedoraproject fedora/30
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/42.3
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/8.1
- version/redhat enterprise linux eus/8.2
- version/redhat enterprise linux eus/8.4
- version/redhat enterprise linux eus/8.6
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/8.2
- version/redhat enterprise linux server aus/8.4
- version/redhat enterprise linux server aus/8.6
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/8.2
- version/redhat enterprise linux server tus/8.4
- version/redhat enterprise linux server tus/8.6
- package-manager/redhat
- package-manager/debian
- package-manager/ubuntu