An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6711-1 advisory.

    Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could     possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:3121-1 advisory.

  - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history     (when crm is run) were able to execute commands via shell code injection to the crm history commandline,     potentially allowing escalation of privileges. (CVE-2020-35459)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1087-1 advisory.

  - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history     (when crm is run) were able to execute commands via shell code injection to the crm history commandline,     potentially allowing escalation of privileges. (CVE-2020-35459)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2435-1 advisory.

  - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history     (when crm is run) were able to execute commands via shell code injection to the crm history commandline,     potentially allowing escalation of privileges. (CVE-2020-35459)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2435-1 advisory.

  - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history     (when crm is run) were able to execute commands via shell code injection to the crm history commandline,     potentially allowing escalation of privileges. (CVE-2020-35459)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2239-1 advisory.

  - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history     (when crm is run) were able to execute commands via shell code injection to the crm history commandline,     potentially allowing escalation of privileges. (CVE-2020-35459)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2238-1 advisory.

  - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history     (when crm is run) were able to execute commands via shell code injection to the crm history commandline,     potentially allowing escalation of privileges. (CVE-2020-35459)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for hawk2 fixes the following issues :

  - Update to version 2.6.3 :

  - Remove hawk_invoke and use capture3 instead of runas     (bsc#1179999)(CVE-2020-35459)

  - Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314) 

  - Sanitize filename to contains whitelist of alphanumeric     (bsc#1182165)

This update was imported from the SUSE:SLE-15:Update update project.

This update for crmsh fixes the following issues :

  - Update to version 4.3.0+20210305.9db5c9a8 :

  - Fix: bootstrap: Adjust qdevice configure/remove process     to avoid race condition due to quorum lost(bsc#1181415)

  - Dev: cibconfig: remove related code about detecting     crm_diff support --no-verion

  - Fix: ui_configure: raise error when params not     exist(bsc#1180126)

  - Dev: doc: remove doc for crm node status

  - Dev: ui_node: remove status subcommand

  - Update to version 4.3.0+20210219.5d1bf034 :

  - Fix: hb_report: walk through hb_report process under     hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020,     bsc#1180571)

  - Fix: bootstrap: setup authorized ssh access for     hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020,     bsc#1180571)

  - Dev: analyze: Add analyze sublevel and put     preflight_check in it(jsc#ECO-1658)

  - Dev: utils: change default file mod as 644 for str2file     function

  - Dev: hb_report: Detect if any ocfs2 partitions exist

  - Dev: lock: give more specific error message when raise     ClaimLockError

  - Fix: Replace mktemp() to mkstemp() for security

  - Fix: Remove the duplicate --cov-report html in tox.

  - Fix: fix some lint issues.

  - Fix: Replace utils.msg_info to task.info

  - Fix: Solve a circular import error of utils.py

  - Fix: hb_report: run lsof with specific ocfs2     device(bsc#1180688)

  - Dev: corosync: change the permission of corosync.conf to     644

  - Fix: preflight_check: task: raise error when report_path     isn't a directory

  - Fix: bootstrap: Use class Watchdog to simplify watchdog     config(bsc#1154927, bsc#1178869)

  - Dev: Polish the sbd feature.

  - Dev: Replace -f with -c and run check when no parameter     provide.

  - Fix: Fix the yes option not working

  - Fix: Remove useless import and show help when no input.

  - Dev: Correct SBD device id inconsistenc during ASR

  - Fix: completers: return complete start/stop resource id     list correctly(bsc#1180137)

  - Dev: Makefile.am: change makefile to integrate     preflight_check

  - Medium: integrate preflight_check into     crmsh(jsc#ECO-1658)

  - Fix: bootstrap: make sure sbd device UUID was the same     between nodes(bsc#1178454)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

It was discovered that there was an in issue in the command-line tool for the Pacemaker High Availability stack. Local attackers were able to execute commands via shell code injection to the 'crm history' command-line tool, potentially allowing escalation of privileges.

For Debian 9 'Stretch', this problem has been fixed in version 2.3.2-4+deb9u1.

We recommend that you upgrade your crmsh packages.

For the detailed security status of crmsh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/crmsh

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for crmsh fixes the following issue :

  - CVE-2020-35459: Fixed a privilege escalation in     hawk_invoke (bsc#1179999).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

This update for crmsh fixes the following issue :

  - CVE-2020-35459: Fixed a privilege escalation in     hawk_invoke (bsc#1179999).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

ID	Name	Product	Family	Severity
192534	Ubuntu 20.04 LTS : CRM shell vulnerability (USN-6711-1)	Nessus	Ubuntu Local Security Checks	high
153464	SUSE SLES12 Security Update : crmsh (SUSE-SU-2021:3121-1)	Nessus	SuSE Local Security Checks	high
152063	openSUSE 15 Security Update : crmsh (openSUSE-SU-2021:1087-1)	Nessus	SuSE Local Security Checks	high
151983	SUSE SLES15 Security Update : crmsh (SUSE-SU-2021:2435-1)	Nessus	SuSE Local Security Checks	high
151941	openSUSE 15 Security Update : crmsh (openSUSE-SU-2021:2435-1)	Nessus	SuSE Local Security Checks	high
151356	SUSE SLES15 Security Update : crmsh (SUSE-SU-2021:2239-1)	Nessus	SuSE Local Security Checks	high
151354	SUSE SLES15 Security Update : crmsh (SUSE-SU-2021:2238-1)	Nessus	SuSE Local Security Checks	high
148179	openSUSE Security Update : hawk2 (openSUSE-2021-473)	Nessus	SuSE Local Security Checks	high
147780	openSUSE Security Update : crmsh (openSUSE-2021-410)	Nessus	SuSE Local Security Checks	high
145437	Debian DLA-2533-1 : crmsh security update	Nessus	Debian Local Security Checks	high
145312	openSUSE Security Update : crmsh (openSUSE-2021-73)	Nessus	SuSE Local Security Checks	high
145298	openSUSE Security Update : crmsh (openSUSE-2021-55)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2020-35459

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high