CVE-2018-19044
Description
keepalived 2.0.8 didnt check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.
Risk Information
Base Score
4.7
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.119
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2019:2285)Moderate: security and bug fix update keepalived-debuginfo-1.3.5-16.el7.x86_64.rpm | Linux |
| Keepalived update (ELSA-2019-2285) keepalived-1.3.5-16.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234