SB2019031003 - Gentoo update for Keepalived

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019031003

SB2019031003 - Gentoo update for Keepalived

Published: March 10, 2019

Security Bulletin ID SB2019031003
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) UNIX symbolic link following (CVE-ID: CVE-2018-19044)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue when writing data to a temporary file upon a call to PrintData or PrintStats. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application, if fs.protected_symlinks is set to 0.

Successful exploitation of this vulnerability may result in privilege escalation.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-19045)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to software sets insecure default permissions (0666) when creating new temporary files upon a call to PrintData or PrintStats. A local user can read potentially sensitive information from temporary files.



3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-19046)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to software does not check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. A local user can create a file "/tmp/keepalived.data" or "/tmp/keepalived.stats" with read access to it for the attacker and write access for keepalived process, it is possible to gain access to sensitive information, written into these files by the application.



4) Heap-based buffer overflow (CVE-ID: CVE-2018-19115)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing HTTP status codes within the extract_status_code() function in lib/html.c. A remote attacker can send a specially crafted HTTP request, trigger heap-based buffer overflow and peform denial of service attack or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References