Vulnerability CVE-2013-0281
Published: 2013-11-23

Description:
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).

Type:

CWE-399

 (Resource Management Errors)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Redhat -> Enterprise linux 
Clusterlabs -> Pacemaker 

 References:
http://rhn.redhat.com/errata/RHSA-2013-1635.html
https://bugzilla.redhat.com/show_bug.cgi?id=891922
https://github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
Copyright 2024, cxsecurity.com

 

Back to Top