CVE ID: | CVE-2020-35459 |
Description: | An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. |
Test IDs: | 1.3.6.1.4.1.25623.1.0.854024 1.3.6.1.4.1.25623.1.0.853618 1.3.6.1.4.1.25623.1.0.853632 1.3.6.1.4.1.25623.1.0.854012 1.3.6.1.4.1.25623.1.1.12.2024.6711.1 1.3.6.1.4.1.25623.1.0.892533 |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-35459
https://bugzilla.suse.com/show_bug.cgi?id=1179999
https://github.com/ClusterLabs/crmsh/blob/a403aa15f3ea575adfe5e43bf2a31c9f9094fcda/crmsh/history.py#L476
https://github.com/ClusterLabs/crmsh/releases
https://lists.debian.org/debian-lts-announce/2021/01/msg00021.html
http://www.openwall.com/lists/oss-security/2021/01/12/3