Unrated severity · NVD Advisory · Published Nov 8, 2018 · Updated Aug 5, 2024
CVE-2018-19044
Description
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.
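The following is an added example, not keepalived's code and not the upstream fix: one way a writer of dump files such as /tmp/keepalived.data could refuse a symlinked path regardless of the fs.protected_symlinks setting. The helper name `open_dump_nofollow`, the link-count check and the temp-directory scenario are assumptions constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not keepalived's code): open a dump file for writing
 * but refuse a symlink, a non-regular file, or a multiply-linked file. */
FILE *open_dump_nofollow(const char *path)
{
    struct stat st;
    /* No O_TRUNC here: nothing is modified until the checks pass. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return NULL;                 /* Linux reports ELOOP for a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        ftruncate(fd, 0) != 0) {
        close(fd);
        errno = EPERM;
        return NULL;
    }
    return fdopen(fd, "w");
}

/* Constructed scenario in a private temp dir: "keepalived.data" is a symlink
 * to a stand-in victim file. Returns 1 if the open is refused and the victim
 * is untouched, 0 if not, -1 on setup failure. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", victim[64], dump[64], buf[16] = "";
    FILE *fp;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(dump, sizeof dump, "%s/keepalived.data", dir);
    if (!(fp = fopen(victim, "w"))) return -1;
    fputs("original", fp); fclose(fp);
    if (symlink(victim, dump) != 0) return -1;
    fp = open_dump_nofollow(dump);            /* fopen(dump, "w") would follow it */
    int refused = (fp == NULL);
    if (fp) fclose(fp);
    if ((fp = fopen(victim, "r"))) { if (!fgets(buf, sizeof buf, fp)) buf[0] = '\0'; fclose(fp); }
    unlink(dump); unlink(victim); rmdir(dir);
    return refused && strcmp(buf, "original") == 0;
}

int main(void) { printf("symlink refused: %d\n", demo_symlink_refused()); return 0; }
```

Writing such files outside a world-writable directory removes the race entirely; the open-time checks above only cover the final path component.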
Affected products (3)
- Range: = 2.0.8
- osv-coords (2 versions):
  - pkg:rpm/opensuse/keepalived&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/keepalived&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1
- (no CPE) range: < 2.2.2-4.2
- (no CPE) range: < 2.0.19-3.3.1
References (5)
- access.redhat.com/errata/RHSA-2019:2285 (mitre, vendor-advisory, x_refsource_REDHAT)
- security.gentoo.org/glsa/201903-01 (mitre, vendor-advisory, x_refsource_GENTOO)
- bugzilla.suse.com/show_bug.cgi (mitre, x_refsource_MISC)
- github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306 (mitre, x_refsource_MISC)
- github.com/acassen/keepalived/issues/1048 (mitre, x_refsource_MISC)