Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-1848 (GCVE-0-2015-1848)
Vulnerability from cvelistv5
Published
2015-05-14 14:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:54:16.367Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2015:0990", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0990.html", }, { name: "FEDORA-2015-8761", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/attachment.cgi?id=1009855", }, { name: "RHSA-2015:0980", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0980.html", }, { name: "FEDORA-2015-8765", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html", }, { name: "FEDORA-2015-8788", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html", }, { name: "74623", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/74623", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-05-12T00:00:00", descriptions: [ { lang: "en", value: "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-29T18:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2015:0990", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0990.html", }, { name: "FEDORA-2015-8761", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/attachment.cgi?id=1009855", }, { name: "RHSA-2015:0980", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0980.html", }, { name: "FEDORA-2015-8765", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html", }, { name: "FEDORA-2015-8788", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html", }, { name: "74623", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/74623", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-1848", datePublished: "2015-05-14T14:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:54:16.367Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.9.137\", \"matchCriteriaId\": \"E8A6579C-9633-4842-972F-4392053D9D73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ACB0BE-6736-4644-86B1-77AA9E5B8AEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F92715C0-6341-4617-9F61-C87907D1C3F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01885365-42EB-4519-B331-B30CE1D5968B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF7EA768-C917-4A14-B599-B8615A532B18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B284C97C-AEF7-4431-8A02-E0EA5B991FE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F66BE726-A258-42D7-B23A-925F50FDF449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC8BA03B-6E9A-46DC-B979-B8C522269F15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94594B19-900E-4F56-BDB8-3C9681656C84\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.\"}, {\"lang\": \"es\", \"value\": \"El demonio pcs (pcsd) en PCS 0.9.137 y anteriores no establece el indicador de seguridad en una cookie de sesi\\u00f3n https, lo cual hace m\\u00e1s f\\u00e1cil a atacantes remotos capturar dicha cookie interceptando la transmisi\\u00f3n dentro de una sesi\\u00f3n http. NOTA: este problema ha sido dividido (SPLIT) por ADT2 debido a diferentes tipos de vulnerabilidad. CVE-2015-3983 es para el problema con no configurar el indicador HTTPOnly.\"}]", id: "CVE-2015-1848", lastModified: "2024-11-21T02:26:15.890", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2015-05-14T14:59:07.897", references: "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0980.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0990.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74623\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/attachment.cgi?id=1009855\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0980.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0990.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74623\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/attachment.cgi?id=1009855\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}]", sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2015-1848\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-05-14T14:59:07.897\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.\"},{\"lang\":\"es\",\"value\":\"El demonio pcs (pcsd) en PCS 0.9.137 y anteriores no establece el indicador de seguridad en una cookie de sesión https, lo cual hace más fácil a atacantes remotos capturar dicha cookie interceptando la transmisión dentro de una sesión http. NOTA: este problema ha sido dividido (SPLIT) por ADT2 debido a diferentes tipos de vulnerabilidad. CVE-2015-3983 es para el problema con no configurar el indicador HTTPOnly.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.9.137\",\"matchCriteriaId\":\"E8A6579C-9633-4842-972F-4392053D9D73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ACB0BE-6736-4644-86B1-77AA9E5B8AEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F92715C0-6341-4617-9F61-C87907D1C3F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01885365-42EB-4519-B331-B30CE1D5968B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF7EA768-C917-4A14-B599-B8615A532B18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B284C97C-AEF7-4431-8A02-E0EA5B991FE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F66BE726-A258-42D7-B23A-925F50FDF449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC8BA03B-6E9A-46DC-B979-B8C522269F15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94594B19-900E-4F56-BDB8-3C9681656C84\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0980.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0990.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74623\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/attachment.cgi?id=1009855\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0980.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0990.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/attachment.cgi?id=1009855\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]}]}}", }, }
rhsa-2015_0990
Vulnerability from csaf_redhat
Published
2015-05-12 17:59
Modified
2024-11-22 09:06
Summary
Red Hat Security Advisory: pcs security and bug fix update
Notes
Topic
Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.
It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI. Note: the
pcsd web UI is not enabled by default. (CVE-2015-1848)
This issue was discovered by Tomas Jelinek of Red Hat.
This update also fixes the following bug:
* When the IPv6 protocol was disabled on a system, starting the pcsd daemon
on this system previously failed. This update adds the ability for pcsd to
fall back to IPv4 when IPv6 is not available. As a result, pcsd starts
properly and uses IPv4 if IPv6 is disabled. (BZ#1212115)
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated pcs packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.", title: "Topic", }, { category: "general", text: "The pcs packages provide a command-line tool and a web UI to configure and\nmanage the Pacemaker and Corosync tools.\n\nIt was found that the pcs daemon did not sign cookies containing session\ndata that were sent to clients connecting via the pcsd web UI. A remote\nattacker could use this flaw to forge cookies and bypass authorization\nchecks, possibly gaining elevated privileges in the pcsd web UI. Note: the\npcsd web UI is not enabled by default. (CVE-2015-1848)\n\nThis issue was discovered by Tomas Jelinek of Red Hat.\n\nThis update also fixes the following bug:\n\n* When the IPv6 protocol was disabled on a system, starting the pcsd daemon\non this system previously failed. This update adds the ability for pcsd to\nfall back to IPv4 when IPv6 is not available. As a result, pcsd starts\nproperly and uses IPv4 if IPv6 is disabled. (BZ#1212115)\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the pcsd daemon will be restarted automatically.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:0990", url: "https://access.redhat.com/errata/RHSA-2015:0990", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0990.json", }, ], title: "Red Hat Security Advisory: pcs security and bug fix update", tracking: { current_release_date: "2024-11-22T09:06:13+00:00", generator: { date: "2024-11-22T09:06:13+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:0990", initial_release_date: "2015-05-12T17:59:13+00:00", revision_history: [ { date: "2015-05-12T17:59:13+00:00", number: "1", summary: "Initial version", }, { date: "2015-05-12T17:59:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T09:06:13+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux High Availability (v. 6)", product: { name: "Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Resilient Storage (v. 6)", product: { name: "Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", product: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", product_id: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/pcs-debuginfo@0.9.123-9.el6_6.2?arch=i686", }, }, }, { category: "product_version", name: "pcs-0:0.9.123-9.el6_6.2.i686", product: { name: "pcs-0:0.9.123-9.el6_6.2.i686", product_id: "pcs-0:0.9.123-9.el6_6.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "pcs-0:0.9.123-9.el6_6.2.src", product: { name: "pcs-0:0.9.123-9.el6_6.2.src", product_id: "pcs-0:0.9.123-9.el6_6.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", product: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", product_id: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs-debuginfo@0.9.123-9.el6_6.2?arch=x86_64", }, }, }, { category: "product_version", name: "pcs-0:0.9.123-9.el6_6.2.x86_64", product: { name: "pcs-0:0.9.123-9.el6_6.2.x86_64", product_id: "pcs-0:0.9.123-9.el6_6.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.src as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.src", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.src", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-1848", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-1848", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-1848", url: "https://www.cve.org/CVERecord?id=CVE-2015-1848", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T17:59:13+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0990", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-3983", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3983", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3983", url: "https://www.cve.org/CVERecord?id=CVE-2015-3983", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T17:59:13+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0990", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, ], }
RHSA-2015:0980
Vulnerability from csaf_redhat
Published
2015-05-12 15:44
Modified
2024-11-22 09:06
Summary
Red Hat Security Advisory: pcs security and bug fix update
Notes
Topic
Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.
It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI.
(CVE-2015-1848)
This issue was discovered by Tomas Jelinek of Red Hat.
This update also fixes the following bug:
* Previously, the Corosync tool allowed the two_node option and the
auto_tie_breaker option to exist in the corosync.conf file at the same
time. As a consequence, if both options were included, auto_tie_breaker was
silently ignored and the two_node fence race decided which node would
survive in the event of a communication break. With this update, the pcs
daemon has been fixed so that it does not produce corosync.conf files with
both two_node and auto_tie_breaker included. In addition, if both two_node
and auto_tie_breaker are detected in corosync.conf, Corosync issues a
message at start-up and disables two_node mode. As a result,
auto_tie_breaker effectively overrides two_node mode if both options are
specified. (BZ#1205848)
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated pcs packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.", title: "Topic", }, { category: "general", text: "The pcs packages provide a command-line tool and a web UI to configure and\nmanage the Pacemaker and Corosync tools.\n\nIt was found that the pcs daemon did not sign cookies containing session\ndata that were sent to clients connecting via the pcsd web UI. A remote\nattacker could use this flaw to forge cookies and bypass authorization\nchecks, possibly gaining elevated privileges in the pcsd web UI.\n(CVE-2015-1848)\n\nThis issue was discovered by Tomas Jelinek of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the Corosync tool allowed the two_node option and the\nauto_tie_breaker option to exist in the corosync.conf file at the same\ntime. As a consequence, if both options were included, auto_tie_breaker was\nsilently ignored and the two_node fence race decided which node would\nsurvive in the event of a communication break. With this update, the pcs\ndaemon has been fixed so that it does not produce corosync.conf files with\nboth two_node and auto_tie_breaker included. In addition, if both two_node\nand auto_tie_breaker are detected in corosync.conf, Corosync issues a\nmessage at start-up and disables two_node mode. As a result,\nauto_tie_breaker effectively overrides two_node mode if both options are\nspecified. (BZ#1205848)\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the pcsd daemon will be restarted automatically.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:0980", url: "https://access.redhat.com/errata/RHSA-2015:0980", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0980.json", }, ], title: "Red Hat Security Advisory: pcs security and bug fix update", tracking: { current_release_date: "2024-11-22T09:06:19+00:00", generator: { date: "2024-11-22T09:06:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:0980", initial_release_date: "2015-05-12T15:44:49+00:00", revision_history: [ { date: "2015-05-12T15:44:49+00:00", number: "1", summary: "Initial version", }, { date: "2015-05-12T15:44:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T09:06:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Server High Availability (v. 7)", product: { name: "Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product: { name: "Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "pcs-0:0.9.137-13.el7_1.2.x86_64", product: { name: "pcs-0:0.9.137-13.el7_1.2.x86_64", product_id: "pcs-0:0.9.137-13.el7_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", product: { name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", product_id: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs-debuginfo@0.9.137-13.el7_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", product: { name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", product_id: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python-clufter@0.9.137-13.el7_1.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "pcs-0:0.9.137-13.el7_1.2.src", product: { name: "pcs-0:0.9.137-13.el7_1.2.src", product_id: "pcs-0:0.9.137-13.el7_1.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.src", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.src", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-1848", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-1848", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-1848", url: "https://www.cve.org/CVERecord?id=CVE-2015-1848", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T15:44:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0980", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-3983", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3983", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3983", url: "https://www.cve.org/CVERecord?id=CVE-2015-3983", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T15:44:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0980", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, ], }
rhsa-2015:0980
Vulnerability from csaf_redhat
Published
2015-05-12 15:44
Modified
2024-11-22 09:06
Summary
Red Hat Security Advisory: pcs security and bug fix update
Notes
Topic
Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.
It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI.
(CVE-2015-1848)
This issue was discovered by Tomas Jelinek of Red Hat.
This update also fixes the following bug:
* Previously, the Corosync tool allowed the two_node option and the
auto_tie_breaker option to exist in the corosync.conf file at the same
time. As a consequence, if both options were included, auto_tie_breaker was
silently ignored and the two_node fence race decided which node would
survive in the event of a communication break. With this update, the pcs
daemon has been fixed so that it does not produce corosync.conf files with
both two_node and auto_tie_breaker included. In addition, if both two_node
and auto_tie_breaker are detected in corosync.conf, Corosync issues a
message at start-up and disables two_node mode. As a result,
auto_tie_breaker effectively overrides two_node mode if both options are
specified. (BZ#1205848)
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated pcs packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.", title: "Topic", }, { category: "general", text: "The pcs packages provide a command-line tool and a web UI to configure and\nmanage the Pacemaker and Corosync tools.\n\nIt was found that the pcs daemon did not sign cookies containing session\ndata that were sent to clients connecting via the pcsd web UI. A remote\nattacker could use this flaw to forge cookies and bypass authorization\nchecks, possibly gaining elevated privileges in the pcsd web UI.\n(CVE-2015-1848)\n\nThis issue was discovered by Tomas Jelinek of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the Corosync tool allowed the two_node option and the\nauto_tie_breaker option to exist in the corosync.conf file at the same\ntime. As a consequence, if both options were included, auto_tie_breaker was\nsilently ignored and the two_node fence race decided which node would\nsurvive in the event of a communication break. With this update, the pcs\ndaemon has been fixed so that it does not produce corosync.conf files with\nboth two_node and auto_tie_breaker included. In addition, if both two_node\nand auto_tie_breaker are detected in corosync.conf, Corosync issues a\nmessage at start-up and disables two_node mode. As a result,\nauto_tie_breaker effectively overrides two_node mode if both options are\nspecified. (BZ#1205848)\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the pcsd daemon will be restarted automatically.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:0980", url: "https://access.redhat.com/errata/RHSA-2015:0980", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0980.json", }, ], title: "Red Hat Security Advisory: pcs security and bug fix update", tracking: { current_release_date: "2024-11-22T09:06:19+00:00", generator: { date: "2024-11-22T09:06:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:0980", initial_release_date: "2015-05-12T15:44:49+00:00", revision_history: [ { date: "2015-05-12T15:44:49+00:00", number: "1", summary: "Initial version", }, { date: "2015-05-12T15:44:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T09:06:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Server High Availability (v. 7)", product: { name: "Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product: { name: "Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "pcs-0:0.9.137-13.el7_1.2.x86_64", product: { name: "pcs-0:0.9.137-13.el7_1.2.x86_64", product_id: "pcs-0:0.9.137-13.el7_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", product: { name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", product_id: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs-debuginfo@0.9.137-13.el7_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", product: { name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", product_id: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python-clufter@0.9.137-13.el7_1.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "pcs-0:0.9.137-13.el7_1.2.src", product: { name: "pcs-0:0.9.137-13.el7_1.2.src", product_id: "pcs-0:0.9.137-13.el7_1.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.src", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.src", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-1848", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-1848", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-1848", url: "https://www.cve.org/CVERecord?id=CVE-2015-1848", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T15:44:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0980", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-3983", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3983", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3983", url: "https://www.cve.org/CVERecord?id=CVE-2015-3983", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T15:44:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0980", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, ], }
rhsa-2015:0990
Vulnerability from csaf_redhat
Published
2015-05-12 17:59
Modified
2024-11-22 09:06
Summary
Red Hat Security Advisory: pcs security and bug fix update
Notes
Topic
Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.
It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI. Note: the
pcsd web UI is not enabled by default. (CVE-2015-1848)
This issue was discovered by Tomas Jelinek of Red Hat.
This update also fixes the following bug:
* When the IPv6 protocol was disabled on a system, starting the pcsd daemon
on this system previously failed. This update adds the ability for pcsd to
fall back to IPv4 when IPv6 is not available. As a result, pcsd starts
properly and uses IPv4 if IPv6 is disabled. (BZ#1212115)
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated pcs packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.", title: "Topic", }, { category: "general", text: "The pcs packages provide a command-line tool and a web UI to configure and\nmanage the Pacemaker and Corosync tools.\n\nIt was found that the pcs daemon did not sign cookies containing session\ndata that were sent to clients connecting via the pcsd web UI. A remote\nattacker could use this flaw to forge cookies and bypass authorization\nchecks, possibly gaining elevated privileges in the pcsd web UI. Note: the\npcsd web UI is not enabled by default. (CVE-2015-1848)\n\nThis issue was discovered by Tomas Jelinek of Red Hat.\n\nThis update also fixes the following bug:\n\n* When the IPv6 protocol was disabled on a system, starting the pcsd daemon\non this system previously failed. This update adds the ability for pcsd to\nfall back to IPv4 when IPv6 is not available. As a result, pcsd starts\nproperly and uses IPv4 if IPv6 is disabled. (BZ#1212115)\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the pcsd daemon will be restarted automatically.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:0990", url: "https://access.redhat.com/errata/RHSA-2015:0990", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0990.json", }, ], title: "Red Hat Security Advisory: pcs security and bug fix update", tracking: { current_release_date: "2024-11-22T09:06:13+00:00", generator: { date: "2024-11-22T09:06:13+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:0990", initial_release_date: "2015-05-12T17:59:13+00:00", revision_history: [ { date: "2015-05-12T17:59:13+00:00", number: "1", summary: "Initial version", }, { date: "2015-05-12T17:59:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T09:06:13+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux High Availability (v. 6)", product: { name: "Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Resilient Storage (v. 6)", product: { name: "Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", product: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", product_id: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/pcs-debuginfo@0.9.123-9.el6_6.2?arch=i686", }, }, }, { category: "product_version", name: "pcs-0:0.9.123-9.el6_6.2.i686", product: { name: "pcs-0:0.9.123-9.el6_6.2.i686", product_id: "pcs-0:0.9.123-9.el6_6.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "pcs-0:0.9.123-9.el6_6.2.src", product: { name: "pcs-0:0.9.123-9.el6_6.2.src", product_id: "pcs-0:0.9.123-9.el6_6.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", product: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", product_id: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs-debuginfo@0.9.123-9.el6_6.2?arch=x86_64", }, }, }, { category: "product_version", name: "pcs-0:0.9.123-9.el6_6.2.x86_64", product: { name: "pcs-0:0.9.123-9.el6_6.2.x86_64", product_id: "pcs-0:0.9.123-9.el6_6.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.src as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.src", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.src", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-1848", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-1848", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-1848", url: "https://www.cve.org/CVERecord?id=CVE-2015-1848", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T17:59:13+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0990", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-3983", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3983", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3983", url: "https://www.cve.org/CVERecord?id=CVE-2015-3983", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T17:59:13+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0990", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, ], }
RHSA-2015:0990
Vulnerability from csaf_redhat
Published
2015-05-12 17:59
Modified
2024-11-22 09:06
Summary
Red Hat Security Advisory: pcs security and bug fix update
Notes
Topic
Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.
It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI. Note: the
pcsd web UI is not enabled by default. (CVE-2015-1848)
This issue was discovered by Tomas Jelinek of Red Hat.
This update also fixes the following bug:
* When the IPv6 protocol was disabled on a system, starting the pcsd daemon
on this system previously failed. This update adds the ability for pcsd to
fall back to IPv4 when IPv6 is not available. As a result, pcsd starts
properly and uses IPv4 if IPv6 is disabled. (BZ#1212115)
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated pcs packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.", title: "Topic", }, { category: "general", text: "The pcs packages provide a command-line tool and a web UI to configure and\nmanage the Pacemaker and Corosync tools.\n\nIt was found that the pcs daemon did not sign cookies containing session\ndata that were sent to clients connecting via the pcsd web UI. A remote\nattacker could use this flaw to forge cookies and bypass authorization\nchecks, possibly gaining elevated privileges in the pcsd web UI. Note: the\npcsd web UI is not enabled by default. (CVE-2015-1848)\n\nThis issue was discovered by Tomas Jelinek of Red Hat.\n\nThis update also fixes the following bug:\n\n* When the IPv6 protocol was disabled on a system, starting the pcsd daemon\non this system previously failed. This update adds the ability for pcsd to\nfall back to IPv4 when IPv6 is not available. As a result, pcsd starts\nproperly and uses IPv4 if IPv6 is disabled. (BZ#1212115)\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the pcsd daemon will be restarted automatically.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:0990", url: "https://access.redhat.com/errata/RHSA-2015:0990", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0990.json", }, ], title: "Red Hat Security Advisory: pcs security and bug fix update", tracking: { current_release_date: "2024-11-22T09:06:13+00:00", generator: { date: "2024-11-22T09:06:13+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:0990", initial_release_date: "2015-05-12T17:59:13+00:00", revision_history: [ { date: "2015-05-12T17:59:13+00:00", number: "1", summary: "Initial version", }, { date: "2015-05-12T17:59:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T09:06:13+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux High Availability (v. 6)", product: { name: "Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Resilient Storage (v. 6)", product: { name: "Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", product: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", product_id: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/pcs-debuginfo@0.9.123-9.el6_6.2?arch=i686", }, }, }, { category: "product_version", name: "pcs-0:0.9.123-9.el6_6.2.i686", product: { name: "pcs-0:0.9.123-9.el6_6.2.i686", product_id: "pcs-0:0.9.123-9.el6_6.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "pcs-0:0.9.123-9.el6_6.2.src", product: { name: "pcs-0:0.9.123-9.el6_6.2.src", product_id: "pcs-0:0.9.123-9.el6_6.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", product: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", product_id: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs-debuginfo@0.9.123-9.el6_6.2?arch=x86_64", }, }, }, { category: "product_version", name: "pcs-0:0.9.123-9.el6_6.2.x86_64", product: { name: "pcs-0:0.9.123-9.el6_6.2.x86_64", product_id: "pcs-0:0.9.123-9.el6_6.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.src as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.src", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)", product_id: "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-HighAvailability-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.src", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)", product_id: "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", relates_to_product_reference: "6Server-ResilientStorage-6.6.z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-1848", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-1848", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-1848", url: "https://www.cve.org/CVERecord?id=CVE-2015-1848", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T17:59:13+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0990", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-3983", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3983", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3983", url: "https://www.cve.org/CVERecord?id=CVE-2015-3983", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T17:59:13+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0990", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src", "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686", "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, ], }
rhsa-2015_0980
Vulnerability from csaf_redhat
Published
2015-05-12 15:44
Modified
2024-11-22 09:06
Summary
Red Hat Security Advisory: pcs security and bug fix update
Notes
Topic
Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.
It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI.
(CVE-2015-1848)
This issue was discovered by Tomas Jelinek of Red Hat.
This update also fixes the following bug:
* Previously, the Corosync tool allowed the two_node option and the
auto_tie_breaker option to exist in the corosync.conf file at the same
time. As a consequence, if both options were included, auto_tie_breaker was
silently ignored and the two_node fence race decided which node would
survive in the event of a communication break. With this update, the pcs
daemon has been fixed so that it does not produce corosync.conf files with
both two_node and auto_tie_breaker included. In addition, if both two_node
and auto_tie_breaker are detected in corosync.conf, Corosync issues a
message at start-up and disables two_node mode. As a result,
auto_tie_breaker effectively overrides two_node mode if both options are
specified. (BZ#1205848)
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated pcs packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.", title: "Topic", }, { category: "general", text: "The pcs packages provide a command-line tool and a web UI to configure and\nmanage the Pacemaker and Corosync tools.\n\nIt was found that the pcs daemon did not sign cookies containing session\ndata that were sent to clients connecting via the pcsd web UI. A remote\nattacker could use this flaw to forge cookies and bypass authorization\nchecks, possibly gaining elevated privileges in the pcsd web UI.\n(CVE-2015-1848)\n\nThis issue was discovered by Tomas Jelinek of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the Corosync tool allowed the two_node option and the\nauto_tie_breaker option to exist in the corosync.conf file at the same\ntime. As a consequence, if both options were included, auto_tie_breaker was\nsilently ignored and the two_node fence race decided which node would\nsurvive in the event of a communication break. With this update, the pcs\ndaemon has been fixed so that it does not produce corosync.conf files with\nboth two_node and auto_tie_breaker included. In addition, if both two_node\nand auto_tie_breaker are detected in corosync.conf, Corosync issues a\nmessage at start-up and disables two_node mode. As a result,\nauto_tie_breaker effectively overrides two_node mode if both options are\nspecified. (BZ#1205848)\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the pcsd daemon will be restarted automatically.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:0980", url: "https://access.redhat.com/errata/RHSA-2015:0980", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0980.json", }, ], title: "Red Hat Security Advisory: pcs security and bug fix update", tracking: { current_release_date: "2024-11-22T09:06:19+00:00", generator: { date: "2024-11-22T09:06:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:0980", initial_release_date: "2015-05-12T15:44:49+00:00", revision_history: [ { date: "2015-05-12T15:44:49+00:00", number: "1", summary: "Initial version", }, { date: "2015-05-12T15:44:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T09:06:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Server High Availability (v. 7)", product: { name: "Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product: { name: "Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "pcs-0:0.9.137-13.el7_1.2.x86_64", product: { name: "pcs-0:0.9.137-13.el7_1.2.x86_64", product_id: "pcs-0:0.9.137-13.el7_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", product: { name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", product_id: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcs-debuginfo@0.9.137-13.el7_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", product: { name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", product_id: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python-clufter@0.9.137-13.el7_1.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "pcs-0:0.9.137-13.el7_1.2.src", product: { name: "pcs-0:0.9.137-13.el7_1.2.src", product_id: "pcs-0:0.9.137-13.el7_1.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.src", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", product_id: "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-HighAvailability-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.src", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, { category: "default_component_of", full_product_name: { name: "python-clufter-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", product_id: "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", }, product_reference: "python-clufter-0:0.9.137-13.el7_1.2.x86_64", relates_to_product_reference: "7Server-ResilientStorage-7.1.Z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-1848", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-1848", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-1848", url: "https://www.cve.org/CVERecord?id=CVE-2015-1848", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T15:44:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0980", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, { acknowledgments: [ { names: [ "Tomas Jelinek", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2015-3983", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2015-03-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1208294", }, ], notes: [ { category: "description", text: "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.", title: "Vulnerability description", }, { category: "summary", text: "pcs: improper web session variable signing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3983", }, { category: "external", summary: "RHBZ#1208294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3983", url: "https://www.cve.org/CVERecord?id=CVE-2015-3983", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3983", }, ], release_date: "2015-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-05-12T15:44:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:0980", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src", "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64", "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcs: improper web session variable signing", }, ], }
ghsa-wqr4-6q63-33fp
Vulnerability from github
Published
2022-05-17 03:12
Modified
2022-05-17 03:12
Details
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
{ affected: [], aliases: [ "CVE-2015-1848", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2015-05-14T14:59:00Z", severity: "MODERATE", }, details: "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.", id: "GHSA-wqr4-6q63-33fp", modified: "2022-05-17T03:12:23Z", published: "2022-05-17T03:12:23Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-1848", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2015:0980", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2015:0990", }, { type: "WEB", url: "https://access.redhat.com/security/cve/CVE-2015-1848", }, { type: "WEB", url: "https://bugzilla.redhat.com/attachment.cgi?id=1009855", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208294", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2015-0980.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2015-0990.html", }, { type: "WEB", url: "http://www.securityfocus.com/bid/74623", }, ], schema_version: "1.4.0", severity: [], }
gsd-2015-1848
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
Aliases
Aliases
{ GSD: { alias: "CVE-2015-1848", description: "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.", id: "GSD-2015-1848", references: [ "https://www.suse.com/security/cve/CVE-2015-1848.html", "https://access.redhat.com/errata/RHSA-2015:0990", "https://access.redhat.com/errata/RHSA-2015:0980", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2015-1848", ], details: "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.", id: "GSD-2015-1848", modified: "2023-12-13T01:20:05.151258Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-1848", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_affected: "=", version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html", refsource: "MISC", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html", }, { name: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html", refsource: "MISC", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html", }, { name: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html", refsource: "MISC", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2015-0980.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2015-0980.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2015-0990.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2015-0990.html", }, { name: "http://www.securityfocus.com/bid/74623", refsource: "MISC", url: "http://www.securityfocus.com/bid/74623", }, { name: "https://bugzilla.redhat.com/attachment.cgi?id=1009855", refsource: "MISC", url: "https://bugzilla.redhat.com/attachment.cgi?id=1009855", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.9.137", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-1848", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-310", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2015:0990", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0990.html", }, { name: "https://bugzilla.redhat.com/attachment.cgi?id=1009855", refsource: "CONFIRM", tags: [ "Exploit", "Issue Tracking", ], url: "https://bugzilla.redhat.com/attachment.cgi?id=1009855", }, { name: "RHSA-2015:0980", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0980.html", }, { name: "74623", refsource: "BID", tags: [ "Third Party Advisory", ], url: "http://www.securityfocus.com/bid/74623", }, { name: "FEDORA-2015-8765", refsource: "FEDORA", tags: [], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html", }, { name: "FEDORA-2015-8788", refsource: "FEDORA", tags: [], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html", }, { name: "FEDORA-2015-8761", refsource: "FEDORA", tags: [], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, }, lastModifiedDate: "2023-02-12T23:15Z", publishedDate: "2015-05-14T14:59Z", }, }, }
fkie_cve-2015-1848
Vulnerability from fkie_nvd
Published
2015-05-14 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*", matchCriteriaId: "E8A6579C-9633-4842-972F-4392053D9D73", versionEndIncluding: "0.9.137", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ACB0BE-6736-4644-86B1-77AA9E5B8AEF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*", matchCriteriaId: "F92715C0-6341-4617-9F61-C87907D1C3F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*", matchCriteriaId: "01885365-42EB-4519-B331-B30CE1D5968B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*", matchCriteriaId: "EF7EA768-C917-4A14-B599-B8615A532B18", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*", matchCriteriaId: "B284C97C-AEF7-4431-8A02-E0EA5B991FE0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*", matchCriteriaId: "F66BE726-A258-42D7-B23A-925F50FDF449", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*", matchCriteriaId: "FC8BA03B-6E9A-46DC-B979-B8C522269F15", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*", matchCriteriaId: "94594B19-900E-4F56-BDB8-3C9681656C84", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.", }, { lang: "es", value: "El demonio pcs (pcsd) en PCS 0.9.137 y anteriores no establece el indicador de seguridad en una cookie de sesión https, lo cual hace más fácil a atacantes remotos capturar dicha cookie interceptando la transmisión dentro de una sesión http. NOTA: este problema ha sido dividido (SPLIT) por ADT2 debido a diferentes tipos de vulnerabilidad. CVE-2015-3983 es para el problema con no configurar el indicador HTTPOnly.", }, ], id: "CVE-2015-1848", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-05-14T14:59:07.897", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0980.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0990.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.securityfocus.com/bid/74623", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", ], url: "https://bugzilla.redhat.com/attachment.cgi?id=1009855", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0980.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0990.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.securityfocus.com/bid/74623", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", ], url: "https://bugzilla.redhat.com/attachment.cgi?id=1009855", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.