ALAS2-2019-1275 --- pacemakerID: oval:org.secpod.oval:def:1700214 | Date: (C)2019-10-04 (M)2023-12-20 |
Class: PATCH | Family: unix |
A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs. A flaw was found in the way pacemaker#039;s client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation