Description
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).
References (3)
Core References
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-1635.html
Exploit, Patch (x_refsource_confirm): https://github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=891922
Scores
EPSS: 0.0300
EPSS Percentile: 85.7%
Details
CWE: CWE-399
Status: published
Products (2)
clusterlabs/pacemaker: 1.1.10
redhat/enterprise_linux: 6.0
Published: Nov 23, 2013
Tracked Since: Feb 18, 2026