pcs-0.9.162-5.el7.1
Errata ID: AXSA:2018-2813:01
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079)
* pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)
* rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
The CVE-2018-1079 issue was discovered by Ondrej Mular (Asianux) and the CVE-2018-1086 issue was discovered by Cedric Buissart (Asianux).
CVE-2018-1079
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-1086
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-1000119
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.
Update packages.
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. The REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
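The file-name problem described for /remote/put_file (CVE-2018-1079) comes down to a missing containment check before a write. The Ruby sketch below is an added example, not code from pcs or pcsd: it contrasts an unchecked join with a check that only accepts flat file names resolving directly inside /etc/booth. All function and class names are hypothetical, and the flat-name restriction is an assumption.

```ruby
# Added example: names below are hypothetical, not taken from pcs/pcsd.
BOOTH_DIR = "/etc/booth" # directory named in the advisory

class UnsafeFileName < StandardError; end

# Unsafe pattern, for contrast: joins the untrusted name without checking it.
def naive_booth_path(name, base = BOOTH_DIR)
  File.join(base, name)
end

# Returns the absolute path for an untrusted file name, guaranteed to sit
# directly inside `base`; raises UnsafeFileName otherwise.
# Assumption: only flat file names (no subdirectories) are legitimate here.
def safe_booth_path(name, base = BOOTH_DIR)
  raise UnsafeFileName, "name must be a non-empty string" unless name.is_a?(String) && !name.empty?
  raise UnsafeFileName, "NUL byte in name" if name.include?("\0")
  # Reject separators outright instead of trying to strip "../" sequences.
  raise UnsafeFileName, "path separator in name" if name.include?("/") || name.include?("\\")
  raise UnsafeFileName, "reserved name" if %w[. ..].include?(name)

  base_path = File.absolute_path(base)
  # absolute_path normalizes the path but, unlike expand_path, leaves "~" alone.
  candidate = File.absolute_path(name, base_path)
  # Defence in depth: re-check containment on the normalized result.
  raise UnsafeFileName, "resolves outside #{base_path}" unless File.dirname(candidate) == base_path
  # Refuse to write through a symlink already present under that name.
  raise UnsafeFileName, "target is a symlink" if File.symlink?(candidate)
  candidate
end

# True when the name is rejected; convenient for checks and logging.
def rejected?(name, base = BOOTH_DIR)
  safe_booth_path(name, base)
  false
rescue UnsafeFileName
  true
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ["booth.conf", "../outside.conf", "/tmp/outside.conf", "sub/booth.conf", ".."].each do |n|
    puts format("%-20s naive=%-28s rejected=%s", n.inspect,
                File.absolute_path(naive_booth_path(n)), rejected?(n))
  end
end
```

The check validates the name only; applying the fixed packages remains the remedy for the pcsd flaw itself.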
N/A
SRPMS
- pcs-0.9.162-5.el7.1.src.rpm
MD5: bf9d7a6c2c0f75532b8dd05ba6ac8d9f
SHA-256: bc6522741954c8ed7e7a29b6c4df1b43365fc8fb014a518496d103732a14c0b0
Size: 3.23 MB
Asianux Server 7 for x86_64
- pcs-0.9.162-5.el7.1.x86_64.rpm
MD5: 859eadcf547373773639e8519ee8bc9c
SHA-256: a153ced2fcbf7746b6ffd37b20db438a92534f2837e55e73897cd20436f354ee
Size: 4.98 MB