Mandriva Linux Security Advisory : keepalived (MDVSA-2013:096)
Low Nessus Plugin ID 66108
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated keepalived package fixes security vulnerability :
The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files (CVE-2011-1784).
A security issue due to syslog being used inside of sighandlers has also been fixed.
Finally, keepalived was failing to load the ip_vs kernel module because of an incorrect modprobe option. This has also been corrected.
SolutionUpdate the affected keepalived package.