CVE-2020-35459

HIGH

Description

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.

References

http://www.openwall.com/lists/oss-security/2021/01/12/3

https://bugzilla.suse.com/show_bug.cgi?id=1179999

https://github.com/ClusterLabs/crmsh/blob/a403aa15f3ea575adfe5e43bf2a31c9f9094fcda/crmsh/history.py#L476

https://github.com/ClusterLabs/crmsh/releases

https://lists.debian.org/debian-lts-announce/2021/01/msg00021.html

https://www.openwall.com/lists/oss-security/2021/01/12/3

Details

Source: MITRE

Published: 2021-01-12

Updated: 2021-02-02

Type: CWE-269

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:clusterlabs:crmsh:*:*:*:*:*:*:*:* versions up to 4.2.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 148179 | openSUSE Security Update : hawk2 (openSUSE-2021-473) | Nessus | SuSE Local Security Checks | high |
| 147780 | openSUSE Security Update : crmsh (openSUSE-2021-410) | Nessus | SuSE Local Security Checks | high |
| 145437 | Debian DLA-2533-1 : crmsh security update | Nessus | Debian Local Security Checks | high |
| 145312 | openSUSE Security Update : crmsh (openSUSE-2021-73) | Nessus | SuSE Local Security Checks | high |
| 145298 | openSUSE Security Update : crmsh (openSUSE-2021-55) | Nessus | SuSE Local Security Checks | high |