CVE-2018-19044

LOW

Description

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

References

https://access.redhat.com/errata/RHSA-2019:2285

https://bugzilla.suse.com/show_bug.cgi?id=1015141

https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306

https://github.com/acassen/keepalived/issues/1048

https://security.gentoo.org/glsa/201903-01

Details

Source: MITRE

Published: 2018-11-08

Updated: 2019-08-06

Type: CWE-59

Risk Information

CVSS v2.0

Base Score: 3.3

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3.0

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 1

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:keepalived:keepalived:2.0.8:*:*:*:*:*:*:*

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
140890EulerOS 2.0 SP3 : keepalived (EulerOS-SA-2020-2123)NessusHuawei Local Security Checks
low
139548Amazon Linux AMI : keepalived (ALAS-2020-1414)NessusAmazon Linux Local Security Checks
low
136264EulerOS Virtualization for ARM 64 3.0.2.0 : keepalived (EulerOS-SA-2020-1561)NessusHuawei Local Security Checks
low
135655EulerOS Virtualization 3.0.2.2 : keepalived (EulerOS-SA-2020-1493)NessusHuawei Local Security Checks
high
135144EulerOS Virtualization for ARM 64 3.0.6.0 : keepalived (EulerOS-SA-2020-1357)NessusHuawei Local Security Checks
low
133991EulerOS 2.0 SP8 : keepalived (EulerOS-SA-2020-1157)NessusHuawei Local Security Checks
low
132488NewStart CGSL CORE 5.05 / MAIN 5.05 : keepalived Vulnerability (NS-SA-2019-0240)NessusNewStart CGSL Local Security Checks
low
132359EulerOS 2.0 SP5 : keepalived (EulerOS-SA-2019-2692)NessusHuawei Local Security Checks
low
131407NewStart CGSL CORE 5.04 / MAIN 5.04 : keepalived Vulnerability (NS-SA-2019-0219)NessusNewStart CGSL Local Security Checks
low
130220Amazon Linux 2 : keepalived (ALAS-2019-1323)NessusAmazon Linux Local Security Checks
low
128384CentOS 7 : keepalived (CESA-2019:2285)NessusCentOS Local Security Checks
low
128225Scientific Linux Security Update : keepalived on SL7.x x86_64 (20190806)NessusScientific Linux Local Security Checks
low
127706RHEL 7 : keepalived (RHSA-2019:2285)NessusRed Hat Local Security Checks
low
126112Photon OS 3.0: Keepalived PHSA-2019-3.0-0015NessusPhotonOS Local Security Checks
high
123152openSUSE Security Update : keepalived (openSUSE-2019-1008)NessusSuSE Local Security Checks
medium
122920Photon OS 1.0: Keepalived PHSA-2019-1.0-0212NessusPhotonOS Local Security Checks
high
122916Photon OS 2.0: Keepalived PHSA-2019-2.0-0134NessusPhotonOS Local Security Checks
high
122729GLSA-201903-01 : Keepalived: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
120373Fedora 29 : keepalived (2018-3fbc181b3e)NessusFedora Local Security Checks
high
119854openSUSE Security Update : keepalived (openSUSE-2018-1575)NessusSuSE Local Security Checks
medium