RHEL 7 : pacemaker (RHSA-2016:2578)

high Nessus Plugin ID 94541

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2578 advisory.

The Pacemaker cluster resource manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure.

The following packages have been upgraded to a newer upstream version: pacemaker (1.1.15). (BZ#1304771)

Security Fix(es):

* It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service. (CVE-2016-7797)

Red Hat would like to thank Alain Moulle (ATOS/BULL) for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?4165441c

http://www.nessus.org/u?e275c215

https://access.redhat.com/errata/RHSA-2016:2578

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1240330

https://bugzilla.redhat.com/show_bug.cgi?id=1268313

https://bugzilla.redhat.com/show_bug.cgi?id=1281450

https://bugzilla.redhat.com/show_bug.cgi?id=1284069

https://bugzilla.redhat.com/show_bug.cgi?id=1287315

https://bugzilla.redhat.com/show_bug.cgi?id=1288929

https://bugzilla.redhat.com/show_bug.cgi?id=1304771

https://bugzilla.redhat.com/show_bug.cgi?id=1310486

https://bugzilla.redhat.com/show_bug.cgi?id=1312094

https://bugzilla.redhat.com/show_bug.cgi?id=1314157

https://bugzilla.redhat.com/show_bug.cgi?id=1323544

https://bugzilla.redhat.com/show_bug.cgi?id=1327469

https://bugzilla.redhat.com/show_bug.cgi?id=1338623

https://bugzilla.redhat.com/show_bug.cgi?id=1345876

https://bugzilla.redhat.com/show_bug.cgi?id=1346726

https://bugzilla.redhat.com/show_bug.cgi?id=1361533

https://bugzilla.redhat.com/show_bug.cgi?id=1372009

https://bugzilla.redhat.com/show_bug.cgi?id=1379784

Plugin Details

Severity: High

ID: 94541

File Name: redhat-RHSA-2016-2578.nasl

Version: 2.12

Type: local

Agent: unix

Published: 11/4/2016

Updated: 11/4/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2016-7797

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:pacemaker-cts, p-cpe:/a:redhat:enterprise_linux:pacemaker-libs, p-cpe:/a:redhat:enterprise_linux:pacemaker-libs-devel, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:pacemaker-doc, p-cpe:/a:redhat:enterprise_linux:pacemaker-cluster-libs, p-cpe:/a:redhat:enterprise_linux:pacemaker-nagios-plugins-metadata, p-cpe:/a:redhat:enterprise_linux:pacemaker-cli, p-cpe:/a:redhat:enterprise_linux:pacemaker-remote, p-cpe:/a:redhat:enterprise_linux:pacemaker

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/3/2016

Vulnerability Publication Date: 3/24/2017

Reference Information

CVE: CVE-2016-7797

RHSA: 2016:2578