Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by keepalived
CVE-2021-44225 (GCVE-0-2021-44225)
Vulnerability from nvd – Published: 2021-11-26 00:00 – Updated: 2024-08-04 04:17
VLAI
Summary
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/pull/2063"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d"
},
{
"name": "FEDORA-2021-255eff1bb5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM/"
},
{
"name": "FEDORA-2021-0cda131052",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV/"
},
{
"name": "[debian-lts-announce] 20230410 [SECURITY] [DLA 3388-1] keepalived security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/acassen/keepalived/pull/2063"
},
{
"url": "https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d"
},
{
"name": "FEDORA-2021-255eff1bb5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM/"
},
{
"name": "FEDORA-2021-0cda131052",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV/"
},
{
"name": "[debian-lts-announce] 20230410 [SECURITY] [DLA 3388-1] keepalived security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44225",
"datePublished": "2021-11-26T00:00:00.000Z",
"dateReserved": "2021-11-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:17:24.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19045 (GCVE-0-2018-19045)
Vulnerability from nvd – Published: 2018-11-08 20:00 – Updated: 2024-08-05 11:30
VLAI
Summary
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/acassen/keepalived/commit/5241… | x_refsource_MISC |
| https://security.gentoo.org/glsa/201903-01 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.suse.com/show_bug.cgi?id=1015141 | x_refsource_MISC |
| https://github.com/acassen/keepalived/issues/1048 | x_refsource_MISC |
| https://github.com/acassen/keepalived/commit/c624… | x_refsource_MISC |
Date Public
2018-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6"
},
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-10T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6"
},
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6"
},
{
"name": "GLSA-201903-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name": "https://github.com/acassen/keepalived/issues/1048",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"name": "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19045",
"datePublished": "2018-11-08T20:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19046 (GCVE-0-2018-19046)
Vulnerability from nvd – Published: 2018-11-08 20:00 – Updated: 2024-08-05 11:30
VLAI
Summary
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201903-01 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.suse.com/show_bug.cgi?id=1015141 | x_refsource_MISC |
| https://github.com/acassen/keepalived/issues/1048 | x_refsource_MISC |
Date Public
2018-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "keepalived 2.0.8 didn\u0027t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-10T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "keepalived 2.0.8 didn\u0027t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201903-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name": "https://github.com/acassen/keepalived/issues/1048",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/issues/1048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19046",
"datePublished": "2018-11-08T20:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19044 (GCVE-0-2018-19044)
Vulnerability from nvd – Published: 2018-11-08 20:00 – Updated: 2024-08-05 11:30
VLAI
Summary
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/acassen/keepalived/commit/04f2… | x_refsource_MISC |
| https://security.gentoo.org/glsa/201903-01 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.suse.com/show_bug.cgi?id=1015141 | x_refsource_MISC |
| https://github.com/acassen/keepalived/issues/1048 | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2019:2285 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:03.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306"
},
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"name": "RHSA-2019:2285",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "keepalived 2.0.8 didn\u0027t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306"
},
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"name": "RHSA-2019:2285",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "keepalived 2.0.8 didn\u0027t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306"
},
{
"name": "GLSA-201903-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name": "https://github.com/acassen/keepalived/issues/1048",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"name": "RHSA-2019:2285",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19044",
"datePublished": "2018-11-08T20:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:03.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19115 (GCVE-0-2018-19115)
Vulnerability from nvd – Published: 2018-11-08 20:00 – Updated: 2024-08-05 11:30
VLAI
Summary
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201903-01 | vendor-advisoryx_refsource_GENTOO |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://bugzilla.suse.com/show_bug.cgi?id=1015141 | x_refsource_MISC |
| https://github.com/acassen/keepalived/pull/961/co… | x_refsource_MISC |
| https://github.com/acassen/keepalived/pull/961 | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2019:0022 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3995-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3995-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2019:1792 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1945 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/pull/961"
},
{
"name": "RHSA-2019:0022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0022"
},
{
"name": "USN-3995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3995-1/"
},
{
"name": "USN-3995-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3995-2/"
},
{
"name": "RHSA-2019:1792",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1792"
},
{
"name": "RHSA-2019:1945",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T12:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/pull/961"
},
{
"name": "RHSA-2019:0022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0022"
},
{
"name": "USN-3995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3995-1/"
},
{
"name": "USN-3995-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3995-2/"
},
{
"name": "RHSA-2019:1792",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1792"
},
{
"name": "RHSA-2019:1945",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1945"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201903-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"
},
{
"name": "https://github.com/acassen/keepalived/pull/961",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/pull/961"
},
{
"name": "RHSA-2019:0022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0022"
},
{
"name": "USN-3995-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3995-1/"
},
{
"name": "USN-3995-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3995-2/"
},
{
"name": "RHSA-2019:1792",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1792"
},
{
"name": "RHSA-2019:1945",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19115",
"datePublished": "2018-11-08T20:00:00.000Z",
"dateReserved": "2018-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1784 (GCVE-0-2011-1784)
Vulnerability from nvd – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:37
VLAI
Summary
The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.debian.org/debian-security/2011/05/m… | mailing-listx_refsource_MLIST |
| http://lists.debian.org/debian-security/2011/05/m… | mailing-listx_refsource_MLIST |
| http://openwall.com/lists/oss-security/2011/05/10/5 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/47859 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/72380 | vdb-entryx_refsource_OSVDB |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281 | x_refsource_CONFIRM |
| http://secunia.com/advisories/44460 | third-party-advisoryx_refsource_SECUNIA |
| http://openwall.com/lists/oss-security/2011/05/16/7 | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=704039 | x_refsource_CONFIRM |
| http://lists.debian.org/debian-security/2011/05/m… | mailing-listx_refsource_MLIST |
Date Public
2011-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "keepalived-pid-dos(67477)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67477"
},
{
"name": "[debian-security] 20110511 Re: World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00018.html"
},
{
"name": "[debian-security] 20110510 World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00012.html"
},
{
"name": "[oss-security] 20110510 CVE request: keepalived pid file permissions issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/05/10/5"
},
{
"name": "47859",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47859"
},
{
"name": "72380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/72380"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281"
},
{
"name": "44460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44460"
},
{
"name": "[oss-security] 20110516 Re: CVE request: keepalived pid file permissions issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/05/16/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=704039"
},
{
"name": "[debian-security] 20110510 Re: World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "keepalived-pid-dos(67477)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67477"
},
{
"name": "[debian-security] 20110511 Re: World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00018.html"
},
{
"name": "[debian-security] 20110510 World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00012.html"
},
{
"name": "[oss-security] 20110510 CVE request: keepalived pid file permissions issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/05/10/5"
},
{
"name": "47859",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47859"
},
{
"name": "72380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/72380"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281"
},
{
"name": "44460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44460"
},
{
"name": "[oss-security] 20110516 Re: CVE request: keepalived pid file permissions issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/05/16/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=704039"
},
{
"name": "[debian-security] 20110510 Re: World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00013.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1784",
"datePublished": "2011-05-20T22:00:00.000Z",
"dateReserved": "2011-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44225 (GCVE-0-2021-44225)
Vulnerability from cvelistv5 – Published: 2021-11-26 00:00 – Updated: 2024-08-04 04:17
VLAI
Summary
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/pull/2063"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d"
},
{
"name": "FEDORA-2021-255eff1bb5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM/"
},
{
"name": "FEDORA-2021-0cda131052",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV/"
},
{
"name": "[debian-lts-announce] 20230410 [SECURITY] [DLA 3388-1] keepalived security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/acassen/keepalived/pull/2063"
},
{
"url": "https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d"
},
{
"name": "FEDORA-2021-255eff1bb5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM/"
},
{
"name": "FEDORA-2021-0cda131052",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV/"
},
{
"name": "[debian-lts-announce] 20230410 [SECURITY] [DLA 3388-1] keepalived security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44225",
"datePublished": "2021-11-26T00:00:00.000Z",
"dateReserved": "2021-11-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:17:24.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19045 (GCVE-0-2018-19045)
Vulnerability from cvelistv5 – Published: 2018-11-08 20:00 – Updated: 2024-08-05 11:30
VLAI
Summary
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/acassen/keepalived/commit/5241… | x_refsource_MISC |
| https://security.gentoo.org/glsa/201903-01 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.suse.com/show_bug.cgi?id=1015141 | x_refsource_MISC |
| https://github.com/acassen/keepalived/issues/1048 | x_refsource_MISC |
| https://github.com/acassen/keepalived/commit/c624… | x_refsource_MISC |
Date Public
2018-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6"
},
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-10T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6"
},
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6"
},
{
"name": "GLSA-201903-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name": "https://github.com/acassen/keepalived/issues/1048",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"name": "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19045",
"datePublished": "2018-11-08T20:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19046 (GCVE-0-2018-19046)
Vulnerability from cvelistv5 – Published: 2018-11-08 20:00 – Updated: 2024-08-05 11:30
VLAI
Summary
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201903-01 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.suse.com/show_bug.cgi?id=1015141 | x_refsource_MISC |
| https://github.com/acassen/keepalived/issues/1048 | x_refsource_MISC |
Date Public
2018-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "keepalived 2.0.8 didn\u0027t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-10T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "keepalived 2.0.8 didn\u0027t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201903-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name": "https://github.com/acassen/keepalived/issues/1048",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/issues/1048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19046",
"datePublished": "2018-11-08T20:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19044 (GCVE-0-2018-19044)
Vulnerability from cvelistv5 – Published: 2018-11-08 20:00 – Updated: 2024-08-05 11:30
VLAI
Summary
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/acassen/keepalived/commit/04f2… | x_refsource_MISC |
| https://security.gentoo.org/glsa/201903-01 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.suse.com/show_bug.cgi?id=1015141 | x_refsource_MISC |
| https://github.com/acassen/keepalived/issues/1048 | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2019:2285 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:03.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306"
},
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"name": "RHSA-2019:2285",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "keepalived 2.0.8 didn\u0027t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306"
},
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"name": "RHSA-2019:2285",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "keepalived 2.0.8 didn\u0027t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306"
},
{
"name": "GLSA-201903-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name": "https://github.com/acassen/keepalived/issues/1048",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/issues/1048"
},
{
"name": "RHSA-2019:2285",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19044",
"datePublished": "2018-11-08T20:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:03.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19115 (GCVE-0-2018-19115)
Vulnerability from cvelistv5 – Published: 2018-11-08 20:00 – Updated: 2024-08-05 11:30
VLAI
Summary
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201903-01 | vendor-advisoryx_refsource_GENTOO |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://bugzilla.suse.com/show_bug.cgi?id=1015141 | x_refsource_MISC |
| https://github.com/acassen/keepalived/pull/961/co… | x_refsource_MISC |
| https://github.com/acassen/keepalived/pull/961 | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2019:0022 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3995-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3995-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2019:1792 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1945 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/acassen/keepalived/pull/961"
},
{
"name": "RHSA-2019:0022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0022"
},
{
"name": "USN-3995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3995-1/"
},
{
"name": "USN-3995-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3995-2/"
},
{
"name": "RHSA-2019:1792",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1792"
},
{
"name": "RHSA-2019:1945",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T12:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201903-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/acassen/keepalived/pull/961"
},
{
"name": "RHSA-2019:0022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0022"
},
{
"name": "USN-3995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3995-1/"
},
{
"name": "USN-3995-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3995-2/"
},
{
"name": "RHSA-2019:1792",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1792"
},
{
"name": "RHSA-2019:1945",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1945"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201903-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-01"
},
{
"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA-1589-1] keepalived security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"
},
{
"name": "https://github.com/acassen/keepalived/pull/961",
"refsource": "MISC",
"url": "https://github.com/acassen/keepalived/pull/961"
},
{
"name": "RHSA-2019:0022",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0022"
},
{
"name": "USN-3995-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3995-1/"
},
{
"name": "USN-3995-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3995-2/"
},
{
"name": "RHSA-2019:1792",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1792"
},
{
"name": "RHSA-2019:1945",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19115",
"datePublished": "2018-11-08T20:00:00.000Z",
"dateReserved": "2018-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1784 (GCVE-0-2011-1784)
Vulnerability from cvelistv5 – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:37
VLAI
Summary
The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.debian.org/debian-security/2011/05/m… | mailing-listx_refsource_MLIST |
| http://lists.debian.org/debian-security/2011/05/m… | mailing-listx_refsource_MLIST |
| http://openwall.com/lists/oss-security/2011/05/10/5 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/47859 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/72380 | vdb-entryx_refsource_OSVDB |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281 | x_refsource_CONFIRM |
| http://secunia.com/advisories/44460 | third-party-advisoryx_refsource_SECUNIA |
| http://openwall.com/lists/oss-security/2011/05/16/7 | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=704039 | x_refsource_CONFIRM |
| http://lists.debian.org/debian-security/2011/05/m… | mailing-listx_refsource_MLIST |
Date Public
2011-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "keepalived-pid-dos(67477)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67477"
},
{
"name": "[debian-security] 20110511 Re: World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00018.html"
},
{
"name": "[debian-security] 20110510 World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00012.html"
},
{
"name": "[oss-security] 20110510 CVE request: keepalived pid file permissions issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/05/10/5"
},
{
"name": "47859",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47859"
},
{
"name": "72380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/72380"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281"
},
{
"name": "44460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44460"
},
{
"name": "[oss-security] 20110516 Re: CVE request: keepalived pid file permissions issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/05/16/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=704039"
},
{
"name": "[debian-security] 20110510 Re: World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "keepalived-pid-dos(67477)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67477"
},
{
"name": "[debian-security] 20110511 Re: World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00018.html"
},
{
"name": "[debian-security] 20110510 World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00012.html"
},
{
"name": "[oss-security] 20110510 CVE request: keepalived pid file permissions issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/05/10/5"
},
{
"name": "47859",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47859"
},
{
"name": "72380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/72380"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281"
},
{
"name": "44460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44460"
},
{
"name": "[oss-security] 20110516 Re: CVE request: keepalived pid file permissions issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/05/16/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=704039"
},
{
"name": "[debian-security] 20110510 Re: World writable pid and lock files.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-security/2011/05/msg00013.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1784",
"datePublished": "2011-05-20T22:00:00.000Z",
"dateReserved": "2011-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}