Vulnerability Description
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Keepalived | Keepalived | 2.0.8 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:2285
- https://bugzilla.suse.com/show_bug.cgi?id=1015141Issue TrackingThird Party Advisory
- https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe27PatchThird Party Advisory
- https://github.com/acassen/keepalived/issues/1048ExploitPatchThird Party Advisory
- https://security.gentoo.org/glsa/201903-01Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2285
- https://bugzilla.suse.com/show_bug.cgi?id=1015141Issue TrackingThird Party Advisory
- https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe27PatchThird Party Advisory
- https://github.com/acassen/keepalived/issues/1048ExploitPatchThird Party Advisory
- https://security.gentoo.org/glsa/201903-01Third Party Advisory
FAQ
What is CVE-2018-19044?
CVE-2018-19044 is a vulnerability with a CVSS score of 4.7 (MEDIUM). keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.prot...
How severe is CVE-2018-19044?
CVE-2018-19044 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-19044?
Check the references section above for vendor advisories and patch information. Affected products include: Keepalived Keepalived.