Pacemaker could be made to run programs as an administrator.
Software Description:
- pacemaker: Cluster resource manager
Details:
Ken Gaillot discovered that Pacemaker incorrectly handled IPC
communications permissions. A local attacker could possibly use this issue
to bypass ACL restrictions and execute arbitrary code as root.
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: pacemaker 2.0.4-2ubuntu3.1 Ubuntu 20.04 LTS: pacemaker 2.0.3-3ubuntu4.1 Ubuntu 18.04 LTS: pacemaker 1.1.18-0ubuntu1.3 Ubuntu 16.04 LTS: pacemaker 1.1.14-2ubuntu1.9 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4623-1
CVE-2020-25654
Get the latest Linux and open source security news straight to your inbox.