{"id":"UBUNTU-CVE-2010-2496","details":"stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.","modified":"2025-07-16T08:10:26.116239Z","published":"2021-10-18T13:15:00Z","withdrawn":"2025-07-18T16:42:39Z","upstream":["CVE-2010-2496"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2010-2496"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=620781"},{"type":"REPORT","url":"https://github.com/ClusterLabs/cluster-glue/commit/3d7b464439ee0271da76e0ee9480f3dc14005879"},{"type":"REPORT","url":"https://github.com/ClusterLabs/pacemaker/commit/7901f43c5800374d41ae2287fe122692fe045664"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2010-2496"}],"affected":[{"package":{"name":"cluster-glue","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/cluster-glue@1.0.12-7build1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.12-7build1"}]}],"versions":["1.0.12-5ubuntu2","1.0.12-7"],"ecosystem_specific":{"binaries":[{"binary_version":"1.0.12-7build1","binary_name":"cluster-glue"},{"binary_version":"1.0.12-7build1","binary_name":"cluster-glue-dbgsym"},{"binary_version":"1.0.12-7build1","binary_name":"cluster-glue-dev"},{"binary_version":"1.0.12-7build1","binary_name":"liblrm2"},{"binary_version":"1.0.12-7build1","binary_name":"liblrm2-dbgsym"},{"binary_version":"1.0.12-7build1","binary_name":"liblrm2-dev"},{"binary_version":"1.0.12-7build1","binary_name":"libpils2"},{"binary_version":"1.0.12-7build1","binary_name":"libpils2-dbgsym"},{"binary_version":"1.0.12-7build1","binary_name":"libpils2-dev"},{"binary_version":"1.0.12-7build1","binary_name":"libplumb2"},{"binary_version":"1.0.12-7build1","binary_name":"libplumb2-dbgsym"},{"binary_version":"1.0.12-7build1","binary_name":"libplumb2-dev"},{"binary_version":"1.0.12-7build1","binary_name":"libplumbgpl2"},{"binary_version":"1.0.12-7build1","binary_name":"libplumbgpl2-dbgsym"},{"binary_version":"1.0.12-7build1","binary_name":"libplumbgpl2-dev"},{"binary_version":"1.0.12-7build1","binary_name":"libstonith1"},{"binary_version":"1.0.12-7build1","binary_name":"libstonith1-dbgsym"},{"binary_version":"1.0.12-7build1","binary_name":"libstonith1-dev"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-2496.json"}},{"package":{"name":"pacemaker","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/pacemaker@1.1.18-0ubuntu1.3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.18-0ubuntu1.3"}]}],"versions":["1.1.16-1ubuntu1","1.1.18~rc3-1ubuntu1","1.1.18~rc4-1ubuntu1","1.1.18-0ubuntu1","1.1.18-0ubuntu1.1","1.1.18-0ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcib-dev"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcib4"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcib4-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcrmcluster-dev"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcrmcluster4"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcrmcluster4-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcrmcommon-dev"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcrmcommon3"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcrmcommon3-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcrmservice-dev"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcrmservice3"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libcrmservice3-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"liblrmd-dev"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"liblrmd1"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"liblrmd1-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libpe-rules2"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libpe-rules2-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libpe-status10"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libpe-status10-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libpengine-dev"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libpengine10"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libpengine10-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libstonithd-dev"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libstonithd2"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libstonithd2-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libtransitioner2"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"libtransitioner2-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"pacemaker"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"pacemaker-cli-utils"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"pacemaker-cli-utils-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"pacemaker-common"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"pacemaker-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"pacemaker-doc"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"pacemaker-remote"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"pacemaker-remote-dbgsym"},{"binary_version":"1.1.18-0ubuntu1.3","binary_name":"pacemaker-resource-agents"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-2496.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}