I checked pcs 0.10.1-2 in buster and it turns out it is not vulnerable
to CVE-2022-2735. A separate Ruby daemon with a world-writable UNIX socket
was introduced later, in 0.10.5:

https://salsa.debian.org/ha-team/pcs/-/commits/master/pcsd/pcsd-ruby.service.in

Before that version, the Python code runs Ruby commands, and they communicate
by sending JSON responses on stdin/stdout.

https://salsa.debian.org/ha-team/pcs/-/blob/38330deb0d849d6a1945856b24323043f6a7839b/pcs/daemon/ruby_pcsd.py

-- 
Valentin
