CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44225 – keepalived: dbus access control bypass
https://notcve.org/view.php?id=CVE-2021-44225
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property En Keepalived versiones hasta 2.2.4, la política D-Bus no restringe suficientemente el destino de los mensajes, permitiendo a cualquier usuario inspeccionar y manipular cualquier propiedad. Esto conlleva a una omisión del control de acceso en algunas situaciones en las que un servicio del sistema D-Bus no relacionado presenta una propiedad configurable (escribible) A flaw was found in keepalived, where an improper authentication vulnerability allows an unprivileged user to change properties that could lead to an access-control bypass. • https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d https://github.com/acassen/keepalived/pull/2063 https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM https://access.redhat.com/security/cve/CVE-2021-44225 https://bugzilla.redhat.com/show& • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2018-19115 – keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-19115
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. keepalived hasta la versión 2.0.8 tiene un desbordamiento de búfer basado en memoria dinámica (heap) cuando se analizan los códigos de estado HTTP, lo que resulta en una denegación de servicio (DoS) o, posiblemente, en otro impacto indeterminado, debido a que extract_status_code en lib/html.c no tiene ninguna validación del código de estado y, en su lugar, escribe una cantidad ilimitada de datos en la memoria dinámica. Heap-based buffer overflow vulnerability in extract_status_code() function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary code on keepalived load balancer. • https://access.redhat.com/errata/RHSA-2019:0022 https://access.redhat.com/errata/RHSA-2019:1792 https://access.redhat.com/errata/RHSA-2019:1945 https://bugzilla.suse.com/show_bug.cgi?id=1015141 https://github.com/acassen/keepalived/pull/961 https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9 https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html https://security.gentoo.org/glsa/201903-01 https://usn.ubuntu.com/3995-1 https:/& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19044 – keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks
https://notcve.org/view.php?id=CVE-2018-19044
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. keepalived 2.0.8 no buscaba nombres de ruta con enlaces simbólicos al escribir datos en un archivo temporal al llamar a PrintData o PrintStats. Esto permitía a los usuarios locales sobrescribir archivos arbitrarios si fs.protected_symlinks se establece en 0, tal y como lo demuestra un enlace simbólico desde /tmp/keepalived.data o /tmp/keepalived.stats a /etc/passwd. • https://access.redhat.com/errata/RHSA-2019:2285 https://bugzilla.suse.com/show_bug.cgi?id=1015141 https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306 https://github.com/acassen/keepalived/issues/1048 https://security.gentoo.org/glsa/201903-01 https://access.redhat.com/security/cve/CVE-2018-19044 https://bugzilla.redhat.com/show_bug.cgi?id=1651863 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19046
https://notcve.org/view.php?id=CVE-2018-19046
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. keepalived 2.0.8 no verificaba los archivos planos existentes al escribir datos en un archivo temporal al llamar a PrintData o PrintStats. Si un atacante local hubiera creado previamente un archivo con el nombre esperado (por ejemplo, /tmp/keepalived.data o /tmp/keepalived.stats), con acceso de lectura para el atacante y acceso de escritura para el proceso keepalived, entonces esto podría filtrar información sensible. • https://bugzilla.suse.com/show_bug.cgi?id=1015141 https://github.com/acassen/keepalived/issues/1048 https://security.gentoo.org/glsa/201903-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19045
https://notcve.org/view.php?id=CVE-2018-19045
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. keepalived 2.0.8 utilizaba el modo 0666 cuando se creaban nuevos archivos temporales tras una llamada a PrintData o PrintStats, con la posibilidad de que se filtrara información sensible. • https://bugzilla.suse.com/show_bug.cgi?id=1015141 https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6 https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067 https://github.com/acassen/keepalived/issues/1048 https://security.gentoo.org/glsa/201903-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •