CVE-2018-19044 — Link Following in Keepalived

CWE-59 — Link Following7 documents6 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 69.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Keepalived Debian Keepalived

Timeline

PublishedNov 8

Latest updateMay 14

Description

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/keepalived< keepalived 1:2.0.10-1 (bookworm)

▶Debiankeepalived/keepalived< 1:2.0.10-1+3

▶NVDkeepalived/keepalived2.0.8

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-2357-m5j6-6jv3: keepalived 2↗2022-05-14

▶

OSV

CVE-2018-19044: keepalived 2↗2018-11-08

▶

📋Vendor Advisories

Red Hat

keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks↗2018-11-08

▶

Debian

CVE-2018-19044: keepalived - keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a...↗2018

▶

💬Community

Bugzilla

CVE-2018-19044 keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks [fedora-all]↗2018-11-21

▶

Bugzilla

CVE-2018-19044 keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks↗2018-11-21

▶