Multiple vulnerabilities in Keepalived

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU15790

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19045

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to software sets insecure default permissions (0666) when creating new temporary files upon a call to PrintData or PrintStats. A local user can read potentially sensitive information from temporary files.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Keepalived: 2.0.8

External links

http://bugzilla.suse.com/show_bug.cgi?id=1015141
http://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
http://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
http://github.com/acassen/keepalived/issues/1048

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) UNIX symbolic link following

EUVDB-ID: #VU15789

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19044

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue when writing data to a temporary file upon a call to PrintData or PrintStats. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application, if fs.protected_symlinks is set to 0.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Keepalived: 2.0.8

External links

http://bugzilla.suse.com/show_bug.cgi?id=1015141
http://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
http://github.com/acassen/keepalived/issues/1048

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU15791

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19046

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to software does not check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. A local user can create a file "/tmp/keepalived.data" or "/tmp/keepalived.stats" with read access to it for the attacker and write access for keepalived process, it is possible to gain access to sensitive information, written into these files by the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Keepalived: 2.0.8

External links

http://bugzilla.suse.com/show_bug.cgi?id=1015141
http://github.com/acassen/keepalived/issues/1048

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.