#VU51457 Improper Privilege Management in crmsh - CVE-2020-35459
Published: March 15, 2021
Vulnerability identifier: #VU51457
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-35459
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
crmsh
crmsh
Software vendor:
ClusterLabs
ClusterLabs
Description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management. A local user can call "crm history" (when "crm" is run) and execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.
Remediation
Install updates from vendor's website.
External links
- http://www.openwall.com/lists/oss-security/2021/01/12/3
- https://bugzilla.suse.com/show_bug.cgi?id=1179999
- https://github.com/ClusterLabs/crmsh/blob/a403aa15f3ea575adfe5e43bf2a31c9f9094fcda/crmsh/history.py#L476
- https://github.com/ClusterLabs/crmsh/releases
- https://lists.debian.org/debian-lts-announce/2021/01/msg00021.html
- https://www.openwall.com/lists/oss-security/2021/01/12/3