Unrated severityNVD Advisory· Published Nov 26, 2021· Updated Aug 4, 2024
CVE-2021-44225
CVE-2021-44225
Description
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15- Keepalived/Keepaliveddescription
- Range: <=2.2.4
- osv-coords13 versionspkg:rpm/almalinux/keepalivedpkg:rpm/opensuse/keepalived&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/keepalived&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/keepalived&distro=openSUSE%20Tumbleweedpkg:rpm/suse/keepalived&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/keepalived&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1pkg:rpm/suse/keepalived&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2pkg:rpm/suse/keepalived&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3pkg:rpm/suse/keepalived&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4pkg:rpm/suse/keepalived&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/keepalived&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/keepalived&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/keepalived&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 2.1.5-8.el8+ 12 more
- (no CPE)range: < 2.1.5-8.el8
- (no CPE)range: < 2.0.19-150100.3.6.1
- (no CPE)range: < 2.2.2-150400.3.5.1
- (no CPE)range: < 2.2.7-1.1
- (no CPE)range: < 2.0.19-3.9.1
- (no CPE)range: < 2.0.19-150100.3.6.1
- (no CPE)range: < 2.0.19-150100.3.6.1
- (no CPE)range: < 2.0.19-150100.3.6.1
- (no CPE)range: < 2.2.2-150400.3.5.1
- (no CPE)range: < 2.0.19-3.9.1
- (no CPE)range: < 2.0.19-3.6.1
- (no CPE)range: < 2.0.19-3.9.1
- (no CPE)range: < 2.0.19-3.6.1
Patches
Vulnerability mechanics
References
5- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM/mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2023/04/msg00012.htmlmitremailing-list
- github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3dmitre
- github.com/acassen/keepalived/pull/2063mitre
News mentions
0No linked articles in our index yet.