Multiple vulnerabilities in Keepalived

Published: 2018-11-10 23:16:40
Severity Low
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2018-19045
CVE-2018-19044
CVE-2018-19046
CVSSv3 2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.9 [CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
3.5 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID CWE-264
CWE-61
Exploitation vector Local
Public exploit Not available
Vulnerable software Keepalived
Vulnerable software versions Keepalived 2.0.8
Vendor URL Keepalived

Security Advisory

1) Permissions, Privileges, and Access Controls

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to software sets insecure default permissions (0666) when creating new temporary files upon a call to PrintData or PrintStats. A local user can read potentially sensitive information from temporary files.


Remediation

Install updates from vendor's website.

External links

https://bugzilla.suse.com/show_bug.cgi?id=1015141
https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
https://github.com/acassen/keepalived/issues/1048

2) UNIX symbolic link following

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue when writing data to a temporary file upon a call to PrintData or PrintStats. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application, if fs.protected_symlinks is set to 0.

Successful exploitation of this vulnerability may result in privilege escalation.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.suse.com/show_bug.cgi?id=1015141
https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
https://github.com/acassen/keepalived/issues/1048

3) Permissions, Privileges, and Access Controls

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to software does not check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. A local user can create a file "/tmp/keepalived.data" or "/tmp/keepalived.stats" with read access to it for the attacker and write access for keepalived process, it is possible to gain access to sensitive information, written into these files by the application.


Remediation

Install updates from vendor's website.

External links

https://bugzilla.suse.com/show_bug.cgi?id=1015141
https://github.com/acassen/keepalived/issues/1048

Back to List