MidnightBSD

Advisories for keepalived

CVE-2011-1784 LOW

The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
keepalived keepalived 1.0.0
keepalived keepalived 0.6.8
keepalived keepalived 1.1.13
keepalived keepalived 1.1.14
keepalived keepalived 0.6.3
keepalived keepalived 0.6.4
keepalived keepalived 0.6.6
keepalived keepalived 0.3.6
keepalived keepalived 1.1.15
keepalived keepalived 0.2.7
keepalived keepalived 1.1.9
keepalived keepalived 0.6.1
keepalived keepalived 1.0.3
keepalived keepalived 0.3.7
keepalived keepalived 1.1.10
keepalived keepalived 1.1.1
keepalived keepalived 1.1.2
keepalived keepalived 1.1.17
keepalived keepalived 1.0.1
keepalived keepalived 0.4.8
keepalived keepalived 0.2.1
keepalived keepalived 1.1.16
keepalived keepalived 1.1.5
keepalived keepalived 1.1.6
keepalived keepalived 1.0.2
keepalived keepalived 0.5.3
keepalived keepalived *
keepalived keepalived 1.1.18
keepalived keepalived 1.2.1
keepalived keepalived 0.5.8
keepalived keepalived 0.6.2
keepalived keepalived 0.6.9
keepalived keepalived 0.3.5
keepalived keepalived 1.2.0
keepalived keepalived 1.1.11
keepalived keepalived 0.4.9
keepalived keepalived 0.6.5
keepalived keepalived 0.6.10
keepalived keepalived 1.1.12
keepalived keepalived 1.1.7
keepalived keepalived 0.7.6
keepalived keepalived 1.1.4
keepalived keepalived 1.1.3
keepalived keepalived 0.3.8
keepalived keepalived 0.7.1
keepalived keepalived 0.6.7
keepalived keepalived 0.2.6
keepalived keepalived 0.5.9
keepalived keepalived 1.1.19
keepalived keepalived 1.1.20
keepalived keepalived 0.4.9a
keepalived keepalived 0.5.6
keepalived keepalived 1.1.8
keepalived keepalived 0.5.7
keepalived keepalived 0.5.5
keepalived keepalived 0.2.3
keepalived keepalived 1.1.0
CVE-2018-19044 LOW

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
keepalived keepalived 2.0.8
CVE-2018-19045 MEDIUM

keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
keepalived keepalived 2.0.8
CVE-2018-19046 LOW

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
keepalived keepalived 2.0.8
CVE-2018-19115 HIGH

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_workstation 7.0
keepalived keepalived *
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
redhat enterprise_linux_server_tus 7.6
CVE-2021-44225 MEDIUM

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 34
keepalived keepalived *