CVE-2018-19046

LOW

Description

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.

References

https://bugzilla.suse.com/show_bug.cgi?id=1015141

https://github.com/acassen/keepalived/issues/1048

https://security.gentoo.org/glsa/201903-01

Details

Source: MITRE

Published: 2018-11-08

Updated: 2019-03-13

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3.0

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:keepalived:keepalived:2.0.8:*:*:*:*:*:*:*

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
142505EulerOS Virtualization 3.0.6.6 : keepalived (EulerOS-SA-2020-2445)NessusHuawei Local Security Checks
low
140343EulerOS Virtualization for ARM 64 3.0.2.0 : keepalived (EulerOS-SA-2020-1973)NessusHuawei Local Security Checks
low
140140EulerOS 2.0 SP5 : keepalived (EulerOS-SA-2020-1919)NessusHuawei Local Security Checks
low
135144EulerOS Virtualization for ARM 64 3.0.6.0 : keepalived (EulerOS-SA-2020-1357)NessusHuawei Local Security Checks
low
134783EulerOS 2.0 SP8 : keepalived (EulerOS-SA-2020-1291)NessusHuawei Local Security Checks
low
126112Photon OS 3.0: Keepalived PHSA-2019-3.0-0015NessusPhotonOS Local Security Checks
high
125400Photon OS 1.0: Keepalived PHSA-2019-1.0-0235NessusPhotonOS Local Security Checks
medium
125394Photon OS 2.0: Keepalived PHSA-2019-2.0-0160NessusPhotonOS Local Security Checks
high
123152openSUSE Security Update : keepalived (openSUSE-2019-1008)NessusSuSE Local Security Checks
medium
122729GLSA-201903-01 : Keepalived: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
120373Fedora 29 : keepalived (2018-3fbc181b3e)NessusFedora Local Security Checks
high
119854openSUSE Security Update : keepalived (openSUSE-2018-1575)NessusSuSE Local Security Checks
medium