Vulnerability Description
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to an access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Keepalived | Keepalived | <= 2.2.4 |
| Fedoraproject | Fedora | 34 |
References
- https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e4 (Patch, Third Party Advisory)
- https://github.com/acassen/keepalived/pull/2063 (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2021-44225?
CVE-2021-44225 is a vulnerability with a CVSS score of 5.4 (MEDIUM). In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to an access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property.
How severe is CVE-2021-44225?
CVE-2021-44225 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2021-44225?
Check the references section above for vendor advisories and patch information. Affected products include Keepalived (versions through 2.2.4) and Fedora 34.