UBUNTU-CVE-2010-2496
- Source
- https://ubuntu.com/security/CVE-2010-2496
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-2496.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2010-2496
- Upstream
- Withdrawn
- 2025-07-18T16:42:39Z
- Published
- 2021-10-18T13:15:00Z
- Modified
- 2025-07-16T08:10:26.116239Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.
- References
-
- https://ubuntu.com/security/CVE-2010-2496
- https://bugzilla.suse.com/show_bug.cgi?id=620781
- https://github.com/ClusterLabs/cluster-glue/commit/3d7b464439ee0271da76e0ee9480f3dc14005879
- https://github.com/ClusterLabs/pacemaker/commit/7901f43c5800374d41ae2287fe122692fe045664
- https://www.cve.org/CVERecord?id=CVE-2010-2496
Affected packages
Ubuntu:18.04:LTS / cluster-glue
Package
- Name
- cluster-glue
- Purl
- pkg:deb/ubuntu/cluster-glue@1.0.12-7build1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.12-7build1
Ecosystem specific
{
"binaries": [
{
"binary_name": "cluster-glue",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "cluster-glue-dbgsym",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "cluster-glue-dev",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "liblrm2",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "liblrm2-dbgsym",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "liblrm2-dev",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libpils2",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libpils2-dbgsym",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libpils2-dev",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libplumb2",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libplumb2-dbgsym",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libplumb2-dev",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libplumbgpl2",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libplumbgpl2-dbgsym",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libplumbgpl2-dev",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libstonith1",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libstonith1-dbgsym",
"binary_version": "1.0.12-7build1"
},
{
"binary_name": "libstonith1-dev",
"binary_version": "1.0.12-7build1"
}
],
"availability": "No subscription required"
}
Ubuntu:18.04:LTS / pacemaker
Package
- Name
- pacemaker
- Purl
- pkg:deb/ubuntu/pacemaker@1.1.18-0ubuntu1.3?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.18-0ubuntu1.3
Affected versions
1.*
1.1.16-1ubuntu1
1.1.18~rc3-1ubuntu1
1.1.18~rc4-1ubuntu1
1.1.18-0ubuntu1
1.1.18-0ubuntu1.1
1.1.18-0ubuntu1.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libcib-dev",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcib4",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcib4-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcrmcluster-dev",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcrmcluster4",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcrmcluster4-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcrmcommon-dev",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcrmcommon3",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcrmcommon3-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcrmservice-dev",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcrmservice3",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libcrmservice3-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "liblrmd-dev",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "liblrmd1",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "liblrmd1-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libpe-rules2",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libpe-rules2-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libpe-status10",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libpe-status10-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libpengine-dev",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libpengine10",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libpengine10-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libstonithd-dev",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libstonithd2",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libstonithd2-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libtransitioner2",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "libtransitioner2-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "pacemaker",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "pacemaker-cli-utils",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "pacemaker-cli-utils-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "pacemaker-common",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "pacemaker-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "pacemaker-doc",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "pacemaker-remote",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "pacemaker-remote-dbgsym",
"binary_version": "1.1.18-0ubuntu1.3"
},
{
"binary_name": "pacemaker-resource-agents",
"binary_version": "1.1.18-0ubuntu1.3"
}
],
"availability": "No subscription required"
}