Risk | Low |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2018-19045 CVE-2018-19044 CVE-2018-19046 |
CWE-ID | CWE-264 CWE-61 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Keepalived Server applications / Other server solutions |
Vendor | Keepalived |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU15790
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19045
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to software sets insecure default permissions (0666) when creating new temporary files upon a call to PrintData or PrintStats. A local user can read potentially sensitive information from temporary files.
Install updates from vendor's website.
Vulnerable software versionsKeepalived: 2.0.8
External linkshttp://bugzilla.suse.com/show_bug.cgi?id=1015141
http://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
http://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
http://github.com/acassen/keepalived/issues/1048
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15789
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19044
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue when writing data to a temporary file upon a call to PrintData or PrintStats. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application, if fs.protected_symlinks is set to 0.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsKeepalived: 2.0.8
External linkshttp://bugzilla.suse.com/show_bug.cgi?id=1015141
http://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
http://github.com/acassen/keepalived/issues/1048
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15791
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19046
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to software does not check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. A local user can create a file "/tmp/keepalived.data" or "/tmp/keepalived.stats" with read access to it for the attacker and write access for keepalived process, it is possible to gain access to sensitive information, written into these files by the application.
Install updates from vendor's website.
Vulnerable software versionsKeepalived: 2.0.8
External linkshttp://bugzilla.suse.com/show_bug.cgi?id=1015141
http://github.com/acassen/keepalived/issues/1048
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.