Ubuntu Security Notice 6711-1 - Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline.
561d06378a4d832e9a803e7cdd95a4af11f2b3f29f3a2e2508d84ddaebf01a8d==========================================================================
Ubuntu Security Notice USN-6711-1
March 25, 2024
crmsh vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
CRM shell could be made to execute arbitrary code if it received
a specially crafted input.
Software Description:
- crmsh: CRM shell for the pacemaker cluster manager
Details:
Vincent Berg discovered that CRM shell incorrectly handled certain commands.
An local attacker could possibly use this issue to execute arbitrary code
via shell code injection to the crm history commandline.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
crmsh 4.2.0-2ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6711-1
CVE-2020-35459
Package Information:
https://launchpad.net/ubuntu/+source/crmsh/4.2.0-2ubuntu1.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed