SB2018111001 - Multiple vulnerabilities in Keepalived
Published: November 10, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-19045)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to software sets insecure default permissions (0666) when creating new temporary files upon a call to PrintData or PrintStats. A local user can read potentially sensitive information from temporary files.
2) UNIX symbolic link following (CVE-ID: CVE-2018-19044)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue when writing data to a temporary file upon a call to PrintData or PrintStats. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application, if fs.protected_symlinks is set to 0.
Successful exploitation of this vulnerability may result in privilege escalation.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-19046)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to software does not check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. A local user can create a file "/tmp/keepalived.data" or "/tmp/keepalived.stats" with read access to it for the attacker and write access for keepalived process, it is possible to gain access to sensitive information, written into these files by the application.
Remediation
Install update from vendor's website.
References
- https://bugzilla.suse.com/show_bug.cgi?id=1015141
- https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
- https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
- https://github.com/acassen/keepalived/issues/1048
- https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306