{"id":"CVE-2016-7035","details":"An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.","modified":"2026-05-18T05:48:38.010084537Z","published":"2018-09-10T16:29:00.247Z","related":["SUSE-SU-2016:2869-1","SUSE-SU-2016:2974-1","SUSE-SU-2016:3162-1","openSUSE-SU-2024:10507-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server","extracted_events":[{"last_affected":"6.0"},{"last_affected":"7.0"}]},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.3"},{"last_affected":"7.4"},{"last_affected":"7.5"},{"last_affected":"7.6"}],"vendor_product":"redhat:enterprise_linux_server_eus"}]},"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2614.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2675.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/11/03/5"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94214"},{"type":"ADVISORY","url":"https://github.com/ClusterLabs/pacemaker/commit/5d71e65049"},{"type":"ADVISORY","url":"https://lists.clusterlabs.org/pipermail/users/2016-November/004432.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-08"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7035"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/clusterlabs/pacemaker","events":[{"introduced":"0"},{"last_affected":"94ff4df51a55cc30d01843ea11b3292bac755432"}],"database_specific":{"cpe":"cpe:2.3:a:clusterlabs:pacemaker:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.1.16"}]}}],"versions":["Pacemaker-1.1.16-rc2","Pacemaker-1.1.16","Pacemaker-1.1.16-rc1","Pacemaker-1.1.15","Pacemaker-1.1.15-rc4","Pacemaker-1.1.15-rc3","Pacemaker-1.1.15-rc2","Pacemaker-1.1.15-rc1","Pacemaker-1.1.14","Pacemaker-1.1.14-rc5","Pacemaker-1.1.14-rc3","Pacemaker-1.1.14-rc2","Pacemaker-1.1.14-rc1","Pacemaker-1.1.13-rc1","Pacemaker-1.1.11-rc3","Pacemaker-1.1.11-rc1","Pacemaker-1.1.10","Pacemaker-1.1.10-rc7","Pacemaker-1.1.10-rc6","Pacemaker-1.1.10-rc5","Pacemaker-1.1.10-rc4","Pacemaker-1.1.10-rc3","Pacemaker-1.1.10-rc2","Pacemaker-1.1.10-rc1","Pacemaker-1.1.9","RHEL6.4","Pacemaker-1.1.8","Pacemaker-1.1.7","RHEL6.3","Pacemaker-1.1.6.1","Pacemaker-1.1.6","Pacemaker-0.6.5","Pacemaker-0.6.3","Pacemaker-0.6.2","Pacemaker-0.6.1","Pacemaker-0.6.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7035.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}