Detections
Analytics

MiracleLinux 7 : pacemaker-1.1.13-10.el7 (AXSA:2015-850:01)

critical Nessus Plugin ID 291597

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-850:01 advisory.

 Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA.
 It supports more than 16 node clusters with significant capabilities for managing resources and dependencies.
 It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health.
 Available rpmbuild rebuild options:
 --with(out) : cman stonithd doc coverage profiling pre_release upstart_job Security issues fixed with this release:
 CVE-2015-1867 Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
 Fixed bugs:
 * When a Pacemaker cluster included an Apache resource, and Apache's mod_systemd module was enabled, systemd rejected notifications sent by Apache. As a consequence, a large number of errors in the following format appeared in the system log:
 * Previously, specifying a remote guest node as a part of a group resource in a Pacemaker cluster caused the node to stop working. This update adds support for remote guests in Pacemaker group resources, and the described problem no longer occurs.
 * When a resource in a Pacemaker cluster failed to start, Pacemaker updated the resource's last failure time and incremented its fail count even if the on-fail=ignore option was used. This in some cases caused unintended resource migrations when a resource start failure occurred. Now, Pacemaker does not update the fail count when on-fail=ignore is used. As a result, the failure is displayed in the cluster status output, but is properly ignored and thus does not cause resource migration.
 * Previously, Pacemaker supported semicolon characters (;) as delimiters when parsing the pcmk_host_map string, but not when parsing the pcmk_host_list string. To ensure consistent user experience, semicolons are now supported as delimiters for parsing pcmk_host_list, as well.
 Enhancements:
 * If a Pacemaker location constraint has the resource-discovery=never option, Pacemaker now does not attempt to determine whether a specified service is running on the specified node. In addition, if multiple location constraints for a given resource specify resource-discovery=exclusive, then Pacemaker attempts resource discovery only on the nodes specified in those constraints. This allows Pacemaker to skip resource discovery on nodes where attempting the operation would lead to error or other undesirable behavior.
 * The procedure of configuring fencing for redundant power supplies has been simplified in order to prevent multiple nodes accessing cluster resources at the same time and thus causing data corruption. For further information, see the Fencing: Configuring STONITH chapter of the High Availability Add-On Reference manual.
 * The output of the crm_mon and pcs_status commands has been modified to be clearer and more concise, and thus easier to read when reporting the status of a Pacemaker cluster with a large number of remote nodes and cloned resources.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/6238

Plugin Details

Severity: Critical

ID: 291597

File Name: miracle_linux_AXSA-2015-850.nasl

Version: 1.1

Type: local

Published: 1/19/2026

Updated: 1/19/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-1867

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:pacemaker-doc, p-cpe:/a:miracle:linux:pacemaker-cts, p-cpe:/a:miracle:linux:pacemaker-libs, p-cpe:/a:miracle:linux:pacemaker-remote, p-cpe:/a:miracle:linux:pacemaker-cli, cpe:/o:miracle:linux:7, p-cpe:/a:miracle:linux:pacemaker-cluster-libs, p-cpe:/a:miracle:linux:pacemaker, p-cpe:/a:miracle:linux:pacemaker-libs-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/1/2015

Vulnerability Publication Date: 4/20/2015

Reference Information

CVE: CVE-2015-1867