CVE-2016-7797
pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
Pacemaker en versiones anteriores a 1.1.15, al usar el control remoto de marcapasos, podría permitir a atacantes remotos provocar una denegación de servicio (desconexión de nodo) a través de una conexión no autenticada.
It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service.
The Pacemaker cluster resource manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure. The following packages have been upgraded to a newer upstream version: pacemaker. Security Fix: It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2016-11-03 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-254: 7PK - Security Features
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/93261 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/01/1 | 2018-10-30 | |
| https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Clusterlabs Search vendor "Clusterlabs" | Pacemaker Search vendor "Clusterlabs" for product "Pacemaker" | <= 1.1.14 Search vendor "Clusterlabs" for product "Pacemaker" and version " <= 1.1.14" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.2 Search vendor "Opensuse" for product "Leap" and version "42.2" | - |
Affected
| ||||||
| Opensuse Project Search vendor "Opensuse Project" | Leap Search vendor "Opensuse Project" for product "Leap" | 42.1 Search vendor "Opensuse Project" for product "Leap" and version "42.1" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise High Availability Search vendor "Suse" for product "Linux Enterprise High Availability" | 12 Search vendor "Suse" for product "Linux Enterprise High Availability" and version "12" | sp2 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12" | sp2 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux High Availability Search vendor "Redhat" for product "Enterprise Linux High Availability" | 7.0 Search vendor "Redhat" for product "Enterprise Linux High Availability" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Resilient Storage Search vendor "Redhat" for product "Enterprise Linux Resilient Storage" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Resilient Storage" and version "7.0" | - |
Affected
| ||||||