keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.
https://bugzilla.suse.com/show_bug.cgi?id=1015141
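The flaw class described above, as an added C illustration (not keepalived's code or its actual fix): reopening an existing file keeps the permissions its creator chose, while an exclusive create refuses the planted file. The function names and the scratch directory are assumptions made for the demo.

```c
#define _GNU_SOURCE 1          /* mkdtemp, fdopen, fchmod under strict -std */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the advisory describes: write to whatever already sits at the
 * path. An existing file is truncated and reused with its owner and mode. */
static FILE *open_dump_reuse(const char *path) { return fopen(path, "w"); }

/* Hardened: create the file or fail. O_CREAT|O_EXCL refuses any existing
 * entry (a symlink included); the new file is readable by its owner only. */
static FILE *open_dump_exclusive(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    FILE *fp = fd < 0 ? NULL : fdopen(fd, "w");
    if (fd >= 0 && !fp) close(fd);
    return fp;
}

/* Dump to a constructed path, optionally planting a 0644 file there first.
 * Returns the mode bits after the write, -1 if refused, -2 on setup failure. */
static int dump_demo(int exclusive, int plant)
{
    char dir[] = "/tmp/dumpdemo.XXXXXX", path[64];
    struct stat st;
    int fd, result = -1;
    FILE *fp;
    if (!mkdtemp(dir)) return -2;
    snprintf(path, sizeof path, "%s/keepalived.data", dir);
    fd = plant ? open(path, O_WRONLY | O_CREAT | O_EXCL, 0644) : -1;
    if (fd >= 0) { fchmod(fd, 0644); close(fd); }   /* fchmod overrides umask */
    fp = exclusive ? open_dump_exclusive(path) : open_dump_reuse(path);
    if (fp) {
        fputs("constructed sample state\n", fp);
        fclose(fp);
        if (stat(path, &st) == 0) result = st.st_mode & 0777;
    }
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("reuse: %o  exclusive: %d\n", (unsigned)dump_demo(0, 1), dump_demo(1, 1));
    return 0;
}
```

A caller that gets NULL from the exclusive opener should log the refusal and skip the dump rather than fall back to reopening the path.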
Source: MITRE
Published: 2018-11-08
Updated: 2019-03-13
Type: CWE-200
CVSS v2
Base Score: 1.9
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.4
Severity: LOW
CVSS v3.0
Base Score: 4.7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1
Severity: MEDIUM
ID | Name | Product | Family | Severity |
---|---|---|---|---|
142505 | EulerOS Virtualization 3.0.6.6 : keepalived (EulerOS-SA-2020-2445) | Nessus | Huawei Local Security Checks | low |
140343 | EulerOS Virtualization for ARM 64 3.0.2.0 : keepalived (EulerOS-SA-2020-1973) | Nessus | Huawei Local Security Checks | low |
140140 | EulerOS 2.0 SP5 : keepalived (EulerOS-SA-2020-1919) | Nessus | Huawei Local Security Checks | low |
135144 | EulerOS Virtualization for ARM 64 3.0.6.0 : keepalived (EulerOS-SA-2020-1357) | Nessus | Huawei Local Security Checks | low |
134783 | EulerOS 2.0 SP8 : keepalived (EulerOS-SA-2020-1291) | Nessus | Huawei Local Security Checks | low |
126112 | Photon OS 3.0: Keepalived PHSA-2019-3.0-0015 | Nessus | PhotonOS Local Security Checks | high |
125400 | Photon OS 1.0: Keepalived PHSA-2019-1.0-0235 | Nessus | PhotonOS Local Security Checks | medium |
125394 | Photon OS 2.0: Keepalived PHSA-2019-2.0-0160 | Nessus | PhotonOS Local Security Checks | high |
123152 | openSUSE Security Update : keepalived (openSUSE-2019-1008) | Nessus | SuSE Local Security Checks | medium |
122729 | GLSA-201903-01 : Keepalived: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
120373 | Fedora 29 : keepalived (2018-3fbc181b3e) | Nessus | Fedora Local Security Checks | high |
119854 | openSUSE Security Update : keepalived (openSUSE-2018-1575) | Nessus | SuSE Local Security Checks | medium |