https://bugzilla.suse.com/show_bug.cgi?id=1015141

https://github.com/acassen/keepalived/issues/1048

GLSA-201903-01

According to the version of the keepalived package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - keepalived 2.0.8 didn't check for existing plain files     when writing data to a temporary file upon a call to     PrintData or PrintStats. If a local attacker had     previously created a file with the expected name (e.g.,     /tmp/keepalived.data or /tmp/keepalived.stats), with     read access for the attacker and write access for the     keepalived process, then this potentially leaked     sensitive information.(CVE-2018-19046)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the keepalived package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

  - keepalived 2.0.8 didn't check for existing plain files     when writing data to a temporary file upon a call to     PrintData or PrintStats. If a local attacker had     previously created a file with the expected name (e.g.,     /tmp/keepalived.data or /tmp/keepalived.stats), with     read access for the attacker and write access for the     keepalived process, then this potentially leaked     sensitive information.(CVE-2018-19046)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - keepalived 2.0.8 didn't check for existing plain files     when writing data to a temporary file upon a call to     PrintData or PrintStats. If a local attacker had     previously created a file with the expected name (e.g.,     /tmp/keepalived.data or /tmp/keepalived.stats), with     read access for the attacker and write access for the     keepalived process, then this potentially leaked     sensitive information.(CVE-2018-19046)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the keepalived package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - keepalived 2.0.8 didn't check for pathnames with     symlinks when writing data to a temporary file upon a     call to PrintData or PrintStats. This allowed local     users to overwrite arbitrary files if     fs.protected_symlinks is set to 0, as demonstrated by a     symlink from /tmp/keepalived.data or     /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044)

  - keepalived 2.0.8 didn't check for existing plain files     when writing data to a temporary file upon a call to     PrintData or PrintStats. If a local attacker had     previously created a file with the expected name (e.g.,     /tmp/keepalived.data or /tmp/keepalived.stats), with     read access for the attacker and write access for the     keepalived process, then this potentially leaked     sensitive information.(CVE-2018-19046)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the keepalived package has been released.

This update for keepalived to version 2.0.10 fixes the following issues :

Security issues fixed (bsc#1015141) :

  - CVE-2018-19044: Fixed a check for pathnames with     symlinks when writing data to a temporary file upon a     call to PrintData or PrintStats

  - CVE-2018-19045: Fixed mode when creating new temporary     files upon a call to PrintData or PrintStats

  - CVE-2018-19046: Fixed a check for existing plain files     when writing data to a temporary file upon a call to     PrintData or PrintStats

Non-security issues fixed :

  - Replace references to /var/adm/fillup-templates with new     %_fillupdir macro (boo#1069468)

  - Use getaddrinfo instead of gethostbyname to workaround     glibc gethostbyname function buffer overflow     (bsc#949238)

For the full list of changes refer to:
http://www.keepalived.org/changelog.html

The remote host is affected by the vulnerability described in GLSA-201903-01 (Keepalived: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in keepalived. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could send a specially crafted request possibly       resulting in a Denial of Service condition. A local attacker could       perform symlink attacks to overwrite arbitrary files with the privileges       of the user running the application.
  Workaround :

    There is no known workaround at this time.

Security fix for CVE-2018-19044, CVE-2018-19045, CVE-2018-19046, CVE-2018-19115

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
142505	EulerOS Virtualization 3.0.6.6 : keepalived (EulerOS-SA-2020-2445)	Nessus	Huawei Local Security Checks	low
140343	EulerOS Virtualization for ARM 64 3.0.2.0 : keepalived (EulerOS-SA-2020-1973)	Nessus	Huawei Local Security Checks	low
140140	EulerOS 2.0 SP5 : keepalived (EulerOS-SA-2020-1919)	Nessus	Huawei Local Security Checks	low
135144	EulerOS Virtualization for ARM 64 3.0.6.0 : keepalived (EulerOS-SA-2020-1357)	Nessus	Huawei Local Security Checks	low
134783	EulerOS 2.0 SP8 : keepalived (EulerOS-SA-2020-1291)	Nessus	Huawei Local Security Checks	low
126112	Photon OS 3.0: Keepalived PHSA-2019-3.0-0015	Nessus	PhotonOS Local Security Checks	high
125400	Photon OS 1.0: Keepalived PHSA-2019-1.0-0235	Nessus	PhotonOS Local Security Checks	medium
125394	Photon OS 2.0: Keepalived PHSA-2019-2.0-0160	Nessus	PhotonOS Local Security Checks	high
123152	openSUSE Security Update : keepalived (openSUSE-2019-1008)	Nessus	SuSE Local Security Checks	medium
122729	GLSA-201903-01 : Keepalived: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
120373	Fedora 29 : keepalived (2018-3fbc181b3e)	Nessus	Fedora Local Security Checks	high
119854	openSUSE Security Update : keepalived (openSUSE-2018-1575)	Nessus	SuSE Local Security Checks	medium

CVE-2018-19046

LOW

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

low

low

low

low

low

high

medium

high

medium

high

high

medium