[Debian-ha-maintainers] Bug#1018930: Bug#1018930: marked as done (pcs: CVE-2022-2735: Obtaining an authentication token for hacluster user leads to privilege escalation)
Valentin Vidic
vvidic at debian.org
Wed Sep 7 23:13:25 BST 2022
I checked pcs 0.10.1-2 in buster and it turns out it is not vulnerable
to CVE-2022-2735. Separate ruby daemon with a world writable UNIX socket
was introduced later in 0.10.5:
https://salsa.debian.org/ha-team/pcs/-/commits/master/pcsd/pcsd-ruby.service.in
Before that version python code runs ruby commands and they communicate
by sending json responses on stdin/stdout.
https://salsa.debian.org/ha-team/pcs/-/blob/38330deb0d849d6a1945856b24323043f6a7839b/pcs/daemon/ruby_pcsd.py
--
Valentin
More information about the Debian-ha-maintainers
mailing list