Vulnerability CVE-2011-1784


Published: 2011-05-20   Modified: 2012-02-13

Description:
The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Keepalived
Product: Keepalived 
Version:
1.2.2
1.2.1
1.2.0
1.1.9
1.1.8
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.20
1.1.2
1.1.19
1.1.18
1.1.17
1.1.16
1.1.15
1.1.14
1.1.13
1.1.12
1.1.11
1.1.10
1.1.1
1.1.0
1.0.3
1.0.2
1.0.1
1.0.0
0.7.6
0.7.1
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.10
0.6.1
0.5.9
0.5.8
0.5.7
0.5.6
0.5.5
0.5.3
0.4.9a
0.4.9
0.4.8
0.3.8
0.3.7
0.3.6
0.3.5
0.2.7
0.2.6
0.2.3
0.2.1

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.6/10
4.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=704039
http://xforce.iss.net/xforce/xfdb/67477
http://www.securityfocus.com/bid/47859
http://www.osvdb.org/72380
http://secunia.com/advisories/44460
http://openwall.com/lists/oss-security/2011/05/16/7
http://openwall.com/lists/oss-security/2011/05/10/5
http://lists.debian.org/debian-security/2011/05/msg00018.html
http://lists.debian.org/debian-security/2011/05/msg00013.html
http://lists.debian.org/debian-security/2011/05/msg00012.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626281

Related CVE
CVE-2018-19046
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepaliv...
CVE-2018-19045
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.
CVE-2018-19044
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a s...

Copyright 2019, cxsecurity.com

 

Back to Top