CVE-2015-5189 - Race Condition vulnerability in Pacemaker/Corosync Configuration System Project Pacemaker/Corosync Configuration System

CVSS 0.0 - NONE

  • Attack vector: UNKNOWN
  • Attack complexity: UNKNOWN
  • Privileges required: UNKNOWN
  • Confidentiality impact: UNKNOWN
  • Integrity impact: UNKNOWN
  • Availability impact: UNKNOWN

Summary

Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2015-1700.NASL
    description: Updated pcs packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI. (CVE-2015-5190) A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user. (CVE-2015-5189) These issues were discovered by Tomas Jelinek of Red Hat. All pcs users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86502
    published: 2015-10-22
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86502
    title: CentOS 6 / 7 : pcs (CESA-2015:1700)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20150901_PCS_ON_SL6_X.NASL
    description: A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI. (CVE-2015-5190) A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user. (CVE-2015-5189)
    last seen: 2020-03-18
    modified: 2015-09-03
    plugin id: 85760
    published: 2015-09-03
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85760
    title: Scientific Linux Security Update : pcs on SL6.x, SL7.x i386/x86_64 (20150901)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-1700.NASL
    description: Updated pcs packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI. (CVE-2015-5190) A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user. (CVE-2015-5189) These issues were discovered by Tomas Jelinek of Red Hat. All pcs users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 88636
    published: 2016-02-09
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/88636
    title: RHEL 6 / 7 : pcs (RHSA-2015:1700)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-14983.NASL
    description: pcs-0.9.139-7.fc22 - Fix for CVE-2015-5189 incorrect authorization - Fix for CVE-2015-5190 command injection. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-09-21
    plugin id: 86031
    published: 2015-09-21
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/86031
    title: Fedora 22 : pcs-0.9.139-7.fc22 (2015-14983)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-15065.NASL
    description: pcs-0.9.137-5.fc21 - Fix for CVE-2015-5189 incorrect authorization - Fix for CVE-2015-5190 command injection. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-09-21
    plugin id: 86033
    published: 2015-09-21
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/86033
    title: Fedora 21 : pcs-0.9.137-5.fc21 (2015-15065)

Redhat

advisories
  • rhsa
    id: RHSA-2015:1700

rpms
  • pcs-0:0.9.137-13.el7_1.4
  • pcs-0:0.9.139-9.el6_7.1
  • pcs-debuginfo-0:0.9.137-13.el7_1.4
  • pcs-debuginfo-0:0.9.139-9.el6_7.1
  • python-clufter-0:0.9.137-13.el7_1.4