ID CVE-2013-0281
Summary Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clusterlabs:pacemaker:1.1.10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1011618
title Slave roles inconsistent in pcs status xml (or crm_mon)
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment pacemaker is earlier than 0:1.1.10-14.el6
          oval oval:com.redhat.rhsa:tst:20131635001
        • comment pacemaker is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635002
      • AND
        • comment pacemaker-cli is earlier than 0:1.1.10-14.el6
          oval oval:com.redhat.rhsa:tst:20131635003
        • comment pacemaker-cli is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635004
      • AND
        • comment pacemaker-cluster-libs is earlier than 0:1.1.10-14.el6
          oval oval:com.redhat.rhsa:tst:20131635005
        • comment pacemaker-cluster-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635006
      • AND
        • comment pacemaker-cts is earlier than 0:1.1.10-14.el6
          oval oval:com.redhat.rhsa:tst:20131635007
        • comment pacemaker-cts is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635008
      • AND
        • comment pacemaker-doc is earlier than 0:1.1.10-14.el6
          oval oval:com.redhat.rhsa:tst:20131635009
        • comment pacemaker-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635010
      • AND
        • comment pacemaker-libs is earlier than 0:1.1.10-14.el6
          oval oval:com.redhat.rhsa:tst:20131635011
        • comment pacemaker-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635012
      • AND
        • comment pacemaker-libs-devel is earlier than 0:1.1.10-14.el6
          oval oval:com.redhat.rhsa:tst:20131635013
        • comment pacemaker-libs-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635014
      • AND
        • comment pacemaker-remote is earlier than 0:1.1.10-14.el6
          oval oval:com.redhat.rhsa:tst:20131635015
        • comment pacemaker-remote is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635016
rhsa
id RHSA-2013:1635
released 2013-11-20
severity Low
title RHSA-2013:1635: pacemaker security, bug fix, and enhancement update (Low)
rpms
  • pacemaker-0:1.1.10-14.el6
  • pacemaker-cli-0:1.1.10-14.el6
  • pacemaker-cluster-libs-0:1.1.10-14.el6
  • pacemaker-cts-0:1.1.10-14.el6
  • pacemaker-debuginfo-0:1.1.10-14.el6
  • pacemaker-doc-0:1.1.10-14.el6
  • pacemaker-libs-0:1.1.10-14.el6
  • pacemaker-libs-devel-0:1.1.10-14.el6
  • pacemaker-remote-0:1.1.10-14.el6
refmap via4
confirm
Last major update 22-04-2019 - 17:48
Published 23-11-2013 - 11:55
Last modified 22-04-2019 - 17:48