ID FEDORA:04C50607A249 Type fedora Reporter Fedora Modified 2018-12-11T02:43:12
Description
Keepalived provides simple and robust facilities for load balancing and high availability to Linux system and Linux based infrastructures. The load balancing framework relies on well-known and widely used Linux Virtual Server (IPVS) kernel module providing Layer4 load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage load-balanced server pool according their health. High availability is achieved by VRRP protocol. VRRP is a fundamental brick for router failover. In addition, keepalived implements a set of hooks to the VRRP finite state machine providing low-level and high-speed protocol interactions. Keepalived frameworks can be used independently or all together to provide resilient infrastructures.
{"id": "FEDORA:04C50607A249", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 29 Update: keepalived-2.0.10-1.fc29", "description": "Keepalived provides simple and robust facilities for load balancing and high availability to Linux system and Linux based infrastructures. The load balancing framework relies on well-known and widely used Linux Virtual Server (IPVS) kernel module providing Layer4 load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage load-balanced server pool according their health. High availability is achieved by VRRP protocol. VRRP is a fundamental brick for router failover. In addition, keepalived implements a set of hooks to the VRRP finite state machine providing low-level and high-speed protocol interactions. Keepalived frameworks can be used independently or all together to provide resilient infrastructures. ", "published": "2018-12-11T02:43:12", "modified": "2018-12-11T02:43:12", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2018-19044", "CVE-2018-19045", "CVE-2018-19046", "CVE-2018-19115"], "lastseen": "2020-12-21T08:17:55", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-19046", "CVE-2018-19045", "CVE-2018-19115", "CVE-2018-19044"]}, {"type": "gentoo", "idList": ["GLSA-201903-01"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2019-1_0-0235_KEEPALIVED.NASL", "OPENSUSE-2019-1008.NASL", "GENTOO_GLSA-201903-01.NASL", "PHOTONOS_PHSA-2019-3_0-0015_KEEPALIVED.NASL", "FEDORA_2018-3FBC181B3E.NASL", "EULEROS_SA-2020-1357.NASL", "PHOTONOS_PHSA-2019-2_0-0160_KEEPALIVED.NASL", "EULEROS_SA-2019-1770.NASL", "EULEROS_SA-2020-1493.NASL", "OPENSUSE-2018-1575.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191680", "OPENVAS:1361412562310875848", "OPENVAS:1361412562311220201561", "OPENVAS:1361412562311220192692", "OPENVAS:1361412562311220201157", "OPENVAS:1361412562311220201493", "OPENVAS:1361412562310852199", "OPENVAS:1361412562311220201357", "OPENVAS:1361412562310891589", "OPENVAS:1361412562311220191770"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:4212-1", "OPENSUSE-SU-2018:4213-1"]}, {"type": "amazon", "idList": ["ALAS2-2019-1323", "ALAS2-2019-1154", "ALAS-2020-1414"]}, {"type": "centos", "idList": ["CESA-2019:0022", "CESA-2019:2285"]}, {"type": "redhat", "idList": ["RHSA-2019:1945", "RHSA-2019:0022", "RHSA-2019:1792", "RHSA-2019:2285"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-0022", "ELSA-2019-2285"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1589-1:A7ECF"]}, {"type": "ubuntu", "idList": ["USN-3995-1", "USN-3995-2"]}], "modified": "2020-12-21T08:17:55", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2020-12-21T08:17:55", "rev": 2}, "vulnersScore": 6.1}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "29", "arch": "any", "packageName": "keepalived", "packageVersion": "2.0.10", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2021-02-02T06:52:33", "description": "keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.", "edition": 10, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-08T20:29:00", "title": "CVE-2018-19115", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19115"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6"], "id": "CVE-2018-19115", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19115", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:33", "description": "keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.", "edition": 5, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-08T20:29:00", "title": "CVE-2018-19044", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19044"], "modified": "2019-08-06T17:15:00", "cpe": ["cpe:/a:keepalived:keepalived:2.0.8"], "id": "CVE-2018-19044", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19044", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:keepalived:keepalived:2.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:33", "description": "keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-08T20:29:00", "title": "CVE-2018-19045", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19045"], "modified": "2019-03-12T14:13:00", "cpe": ["cpe:/a:keepalived:keepalived:2.0.8"], "id": "CVE-2018-19045", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19045", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:keepalived:keepalived:2.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:33", "description": "keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.", "edition": 4, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-08T20:29:00", "title": "CVE-2018-19046", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19046"], "modified": "2019-03-13T18:36:00", "cpe": ["cpe:/a:keepalived:keepalived:2.0.8"], "id": "CVE-2018-19046", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19046", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:keepalived:keepalived:2.0.8:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-07T10:17:05", "description": "Security fix for CVE-2018-19044, CVE-2018-19045, CVE-2018-19046,\nCVE-2018-19115\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 13, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 29 : keepalived (2018-3fbc181b3e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2018-19115", "CVE-2018-19045", "CVE-2018-19044"], "modified": "2019-01-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:keepalived"], "id": "FEDORA_2018-3FBC181B3E.NASL", "href": "https://www.tenable.com/plugins/nessus/120373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-3fbc181b3e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120373);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-19044\", \"CVE-2018-19045\", \"CVE-2018-19046\", \"CVE-2018-19115\");\n script_xref(name:\"FEDORA\", value:\"2018-3fbc181b3e\");\n\n script_name(english:\"Fedora 29 : keepalived (2018-3fbc181b3e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-19044, CVE-2018-19045, CVE-2018-19046,\nCVE-2018-19115\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-3fbc181b3e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected keepalived package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:keepalived\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"keepalived-2.0.10-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"keepalived\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:08:51", "description": "The remote host is affected by the vulnerability described in GLSA-201903-01\n(Keepalived: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in keepalived. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could send a specially crafted request possibly\n resulting in a Denial of Service condition. A local attacker could\n perform symlink attacks to overwrite arbitrary files with the privileges\n of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-11T00:00:00", "title": "GLSA-201903-01 : Keepalived: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2018-19115", "CVE-2018-19045", "CVE-2018-19044"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:keepalived"], "id": "GENTOO_GLSA-201903-01.NASL", "href": "https://www.tenable.com/plugins/nessus/122729", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201903-01.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122729);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/05\");\n\n script_cve_id(\"CVE-2018-19044\", \"CVE-2018-19045\", \"CVE-2018-19046\", \"CVE-2018-19115\");\n script_xref(name:\"GLSA\", value:\"201903-01\");\n\n script_name(english:\"GLSA-201903-01 : Keepalived: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201903-01\n(Keepalived: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in keepalived. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could send a specially crafted request possibly\n resulting in a Denial of Service condition. A local attacker could\n perform symlink attacks to overwrite arbitrary files with the privileges\n of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201903-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Keepalived users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-cluster/keepalived-2.0.10'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:keepalived\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-cluster/keepalived\", unaffected:make_list(\"ge 2.0.10\"), vulnerable:make_list(\"lt 2.0.10\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Keepalived\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:35:50", "description": "This update for keepalived to version 2.0.10 fixes the following\nissues :\n\nSecurity issues fixed (bsc#1015141) :\n\n - CVE-2018-19044: Fixed a check for pathnames with\n symlinks when writing data to a temporary file upon a\n call to PrintData or PrintStats\n\n - CVE-2018-19045: Fixed mode when creating new temporary\n files upon a call to PrintData or PrintStats\n\n - CVE-2018-19046: Fixed a check for existing plain files\n when writing data to a temporary file upon a call to\n PrintData or PrintStats\n\nNon-security issues fixed :\n\n - Replace references to /var/adm/fillup-templates with new\n %_fillupdir macro (boo#1069468)\n\n - Use getaddrinfo instead of gethostbyname to workaround\n glibc gethostbyname function buffer overflow\n (bsc#949238)\n\nFor the full list of changes refer to:\nhttp://www.keepalived.org/changelog.html", "edition": 16, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-12-24T00:00:00", "title": "openSUSE Security Update : keepalived (openSUSE-2018-1575)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2018-19045", "CVE-2018-19044"], "modified": "2018-12-24T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:keepalived-debugsource", "p-cpe:/a:novell:opensuse:keepalived", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:keepalived-debuginfo"], "id": "OPENSUSE-2018-1575.NASL", "href": "https://www.tenable.com/plugins/nessus/119854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1575.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119854);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-19044\", \"CVE-2018-19045\", \"CVE-2018-19046\");\n\n script_name(english:\"openSUSE Security Update : keepalived (openSUSE-2018-1575)\");\n script_summary(english:\"Check for the openSUSE-2018-1575 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for keepalived to version 2.0.10 fixes the following\nissues :\n\nSecurity issues fixed (bsc#1015141) :\n\n - CVE-2018-19044: Fixed a check for pathnames with\n symlinks when writing data to a temporary file upon a\n call to PrintData or PrintStats\n\n - CVE-2018-19045: Fixed mode when creating new temporary\n files upon a call to PrintData or PrintStats\n\n - CVE-2018-19046: Fixed a check for existing plain files\n when writing data to a temporary file upon a call to\n PrintData or PrintStats\n\nNon-security issues fixed :\n\n - Replace references to /var/adm/fillup-templates with new\n %_fillupdir macro (boo#1069468)\n\n - Use getaddrinfo instead of gethostbyname to workaround\n glibc gethostbyname function buffer overflow\n (bsc#949238)\n\nFor the full list of changes refer to:\nhttp://www.keepalived.org/changelog.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.keepalived.org/changelog.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1069468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949238\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected keepalived packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:keepalived\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:keepalived-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:keepalived-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"keepalived-2.0.10-lp150.3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"keepalived-debuginfo-2.0.10-lp150.3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"keepalived-debugsource-2.0.10-lp150.3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"keepalived-2.0.10-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"keepalived-debuginfo-2.0.10-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"keepalived-debugsource-2.0.10-7.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"keepalived / keepalived-debuginfo / keepalived-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T12:40:18", "description": "This update for keepalived to version 2.0.10 fixes the following\nissues :\n\nSecurity issues fixed (bsc#1015141) :\n\n - CVE-2018-19044: Fixed a check for pathnames with\n symlinks when writing data to a temporary file upon a\n call to PrintData or PrintStats\n\n - CVE-2018-19045: Fixed mode when creating new temporary\n files upon a call to PrintData or PrintStats\n\n - CVE-2018-19046: Fixed a check for existing plain files\n when writing data to a temporary file upon a call to\n PrintData or PrintStats\n\nNon-security issues fixed :\n\n - Replace references to /var/adm/fillup-templates with new\n %_fillupdir macro (boo#1069468)\n\n - Use getaddrinfo instead of gethostbyname to workaround\n glibc gethostbyname function buffer overflow\n (bsc#949238)\n\nFor the full list of changes refer to:\nhttp://www.keepalived.org/changelog.html", "edition": 12, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : keepalived (openSUSE-2019-1008)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2018-19045", "CVE-2018-19044"], "modified": "2019-03-27T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:keepalived-debugsource", "p-cpe:/a:novell:opensuse:keepalived", "p-cpe:/a:novell:opensuse:keepalived-debuginfo"], "id": "OPENSUSE-2019-1008.NASL", "href": "https://www.tenable.com/plugins/nessus/123152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1008.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123152);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-19044\", \"CVE-2018-19045\", \"CVE-2018-19046\");\n\n script_name(english:\"openSUSE Security Update : keepalived (openSUSE-2019-1008)\");\n script_summary(english:\"Check for the openSUSE-2019-1008 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for keepalived to version 2.0.10 fixes the following\nissues :\n\nSecurity issues fixed (bsc#1015141) :\n\n - CVE-2018-19044: Fixed a check for pathnames with\n symlinks when writing data to a temporary file upon a\n call to PrintData or PrintStats\n\n - CVE-2018-19045: Fixed mode when creating new temporary\n files upon a call to PrintData or PrintStats\n\n - CVE-2018-19046: Fixed a check for existing plain files\n when writing data to a temporary file upon a call to\n PrintData or PrintStats\n\nNon-security issues fixed :\n\n - Replace references to /var/adm/fillup-templates with new\n %_fillupdir macro (boo#1069468)\n\n - Use getaddrinfo instead of gethostbyname to workaround\n glibc gethostbyname function buffer overflow\n (bsc#949238)\n\nFor the full list of changes refer to:\nhttp://www.keepalived.org/changelog.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.keepalived.org/changelog.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1069468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949238\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected keepalived packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:keepalived\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:keepalived-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:keepalived-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"keepalived-2.0.10-lp150.3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"keepalived-debuginfo-2.0.10-lp150.3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"keepalived-debugsource-2.0.10-lp150.3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"keepalived / keepalived-debuginfo / keepalived-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T09:04:00", "description": "According to the versions of the keepalived package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - keepalived 2.0.8 didn't check for pathnames with\n symlinks when writing data to a temporary file upon a\n call to PrintData or PrintStats. This allowed local\n users to overwrite arbitrary files if\n fs.protected_symlinks is set to 0, as demonstrated by a\n symlink from /tmp/keepalived.data or\n /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044)\n\n - keepalived before 2.0.7 has a heap-based buffer\n overflow when parsing HTTP status codes resulting in\n DoS or possibly unspecified other impact, because\n extract_status_code in lib/html.c has no validation of\n the status code and instead writes an unlimited amount\n of data to the heap.(CVE-2018-19115)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-16T00:00:00", "title": "EulerOS Virtualization 3.0.2.2 : keepalived (EulerOS-SA-2020-1493)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19115", "CVE-2018-19044"], "modified": "2020-04-16T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.2", "p-cpe:/a:huawei:euleros:keepalived"], "id": "EULEROS_SA-2020-1493.NASL", "href": "https://www.tenable.com/plugins/nessus/135655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135655);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-19044\",\n \"CVE-2018-19115\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : keepalived (EulerOS-SA-2020-1493)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the keepalived package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - keepalived 2.0.8 didn't check for pathnames with\n symlinks when writing data to a temporary file upon a\n call to PrintData or PrintStats. This allowed local\n users to overwrite arbitrary files if\n fs.protected_symlinks is set to 0, as demonstrated by a\n symlink from /tmp/keepalived.data or\n /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044)\n\n - keepalived before 2.0.7 has a heap-based buffer\n overflow when parsing HTTP status codes resulting in\n DoS or possibly unspecified other impact, because\n extract_status_code in lib/html.c has no validation of\n the status code and instead writes an unlimited amount\n of data to the heap.(CVE-2018-19115)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1493\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?32c591fd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected keepalived packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:keepalived\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"keepalived-1.3.5-6.h126.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"keepalived\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:58:58", "description": "According to the versions of the keepalived package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Heap-based buffer overflow vulnerability in\n extract_status_code() function in lib/html.c that\n parses HTTP status code returned from web server allows\n malicious web server or man-in-the-middle attacker\n pretending to be a web server to cause either a denial\n of service or potentially execute arbitrary code on\n keepalived load balancer.(CVE-2018-19115)\n\n - keepalived 2.0.8 used mode 0666 when creating new\n temporary files upon a call to PrintData or PrintStats,\n potentially leaking sensitive\n information.(CVE-2018-19045)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-25T00:00:00", "title": "EulerOS 2.0 SP8 : keepalived (EulerOS-SA-2019-1770)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19115", "CVE-2018-19045"], "modified": "2019-07-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:keepalived", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1770.NASL", "href": "https://www.tenable.com/plugins/nessus/127007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127007);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-19045\",\n \"CVE-2018-19115\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : keepalived (EulerOS-SA-2019-1770)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the keepalived package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Heap-based buffer overflow vulnerability in\n extract_status_code() function in lib/html.c that\n parses HTTP status code returned from web server allows\n malicious web server or man-in-the-middle attacker\n pretending to be a web server to cause either a denial\n of service or potentially execute arbitrary code on\n keepalived load balancer.(CVE-2018-19115)\n\n - keepalived 2.0.8 used mode 0666 when creating new\n temporary files upon a call to PrintData or PrintStats,\n potentially leaking sensitive\n information.(CVE-2018-19045)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1770\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0efda200\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected keepalived packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:keepalived\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"keepalived-2.0.6-46.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"keepalived\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:03:29", "description": "According to the versions of the keepalived package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - keepalived 2.0.8 didn't check for pathnames with\n symlinks when writing data to a temporary file upon a\n call to PrintData or PrintStats. This allowed local\n users to overwrite arbitrary files if\n fs.protected_symlinks is set to 0, as demonstrated by a\n symlink from /tmp/keepalived.data or\n /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044)\n\n - keepalived 2.0.8 didn't check for existing plain files\n when writing data to a temporary file upon a call to\n PrintData or PrintStats. If a local attacker had\n previously created a file with the expected name (e.g.,\n /tmp/keepalived.data or /tmp/keepalived.stats), with\n read access for the attacker and write access for the\n keepalived process, then this potentially leaked\n sensitive information.(CVE-2018-19046)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 4.7, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-04-02T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : keepalived (EulerOS-SA-2020-1357)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2018-19044"], "modified": "2020-04-02T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.6.0", "p-cpe:/a:huawei:euleros:keepalived"], "id": "EULEROS_SA-2020-1357.NASL", "href": "https://www.tenable.com/plugins/nessus/135144", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135144);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-19044\",\n \"CVE-2018-19046\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : keepalived (EulerOS-SA-2020-1357)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the keepalived package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - keepalived 2.0.8 didn't check for pathnames with\n symlinks when writing data to a temporary file upon a\n call to PrintData or PrintStats. This allowed local\n users to overwrite arbitrary files if\n fs.protected_symlinks is set to 0, as demonstrated by a\n symlink from /tmp/keepalived.data or\n /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044)\n\n - keepalived 2.0.8 didn't check for existing plain files\n when writing data to a temporary file upon a call to\n PrintData or PrintStats. If a local attacker had\n previously created a file with the expected name (e.g.,\n /tmp/keepalived.data or /tmp/keepalived.stats), with\n read access for the attacker and write access for the\n keepalived process, then this potentially leaked\n sensitive information.(CVE-2018-19046)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1357\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2929acb5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected keepalived packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:keepalived\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"keepalived-2.0.6-71.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"keepalived\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-02-01T01:10:00", "description": "An update of the keepalived package has been released.", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-24T00:00:00", "title": "Photon OS 3.0: Keepalived PHSA-2019-3.0-0015", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2019-11815", "CVE-2018-19044"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:keepalived", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0015_KEEPALIVED.NASL", "href": "https://www.tenable.com/plugins/nessus/126112", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0015. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126112);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/09\");\n\n script_cve_id(\"CVE-2018-19044\", \"CVE-2018-19046\");\n\n script_name(english:\"Photon OS 3.0: Keepalived PHSA-2019-3.0-0015\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the keepalived package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0015.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:keepalived\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"keepalived-2.0.16-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"keepalived-debuginfo-2.0.16-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"keepalived\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T01:09:41", "description": "An update of the keepalived package has been released.", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-28T00:00:00", "title": "Photon OS 2.0: Keepalived PHSA-2019-2.0-0160", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2019-11815", "CVE-2018-19045"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:vmware:photonos:2.0", "p-cpe:/a:vmware:photonos:keepalived"], "id": "PHOTONOS_PHSA-2019-2_0-0160_KEEPALIVED.NASL", "href": "https://www.tenable.com/plugins/nessus/125394", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0160. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125394);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/13\");\n\n script_cve_id(\"CVE-2018-19045\", \"CVE-2018-19046\");\n\n script_name(english:\"Photon OS 2.0: Keepalived PHSA-2019-2.0-0160\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the keepalived package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-160.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:keepalived\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"keepalived-2.0.16-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"keepalived-debuginfo-2.0.16-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"keepalived\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T01:09:03", "description": "An update of the keepalived package has been released.", "edition": 18, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-28T00:00:00", "title": "Photon OS 1.0: Keepalived PHSA-2019-1.0-0235", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2019-11599", "CVE-2018-19045"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:keepalived", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0235_KEEPALIVED.NASL", "href": "https://www.tenable.com/plugins/nessus/125400", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0235. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125400);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/13\");\n\n script_cve_id(\"CVE-2018-19045\", \"CVE-2018-19046\");\n\n script_name(english:\"Photon OS 1.0: Keepalived PHSA-2019-1.0-0235\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the keepalived package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-235.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11599\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:keepalived\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"keepalived-2.0.16-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"keepalived-debuginfo-2.0.16-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"keepalived\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2019-03-10T05:37:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19046", "CVE-2018-19115", "CVE-2018-19045", "CVE-2018-19044"], "description": "### Background\n\nKeepalived is a strong & robust keepalive facility to the Linux Virtual Server project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in keepalived. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send a specially crafted request possibly resulting in a Denial of Service condition. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Keepalived users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-cluster/keepalived-2.0.10\"", "edition": 1, "modified": "2019-03-10T00:00:00", "published": "2019-03-10T00:00:00", "id": "GLSA-201903-01", "href": "https://security.gentoo.org/glsa/201903-01", "title": "Keepalived: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:32:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2018-19115", "CVE-2018-19047", "CVE-2018-19045", "CVE-2018-19044"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875848", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875848", "type": "openvas", "title": "Fedora Update for keepalived FEDORA-2018-3fbc181b3e", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875848\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-19044\", \"CVE-2018-19045\", \"CVE-2018-19046\", \"CVE-2018-19115\", \"CVE-2018-19047\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:23:52 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for keepalived FEDORA-2018-3fbc181b3e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-3fbc181b3e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YQ7NS6S7B7V2X5NEUJKMTNXL3YPD7H3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'keepalived'\n package(s) announced via the FEDORA-2018-3fbc181b3e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Keepalived provides simple and robust facilities for load balancing\nand high availability to Linux system and Linux based infrastructures.\nThe load balancing framework relies on well-known and widely used\nLinux Virtual Server (IPVS) kernel module providing Layer4 load\nbalancing. Keepalived implements a set of checkers to dynamically and\nadaptively maintain and manage load-balanced server pool according\ntheir health. High availability is achieved by VRRP protocol. VRRP is\na fundamental brick for router failover. In addition, keepalived\nimplements a set of hooks to the VRRP finite state machine providing\nlow-level and high-speed protocol interactions. Keepalived frameworks\ncan be used independently or all together to provide resilient\ninfrastructures.\");\n\n script_tag(name:\"affected\", value:\"'keepalived' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived\", rpm:\"keepalived~2.0.10~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:36:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2018-19045", "CVE-2018-19044"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-12-22T00:00:00", "id": "OPENVAS:1361412562310852199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852199", "type": "openvas", "title": "openSUSE: Security Advisory for keepalived (openSUSE-SU-2018:4212-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852199\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-19044\", \"CVE-2018-19045\", \"CVE-2018-19046\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-22 04:00:40 +0100 (Sat, 22 Dec 2018)\");\n script_name(\"openSUSE: Security Advisory for keepalived (openSUSE-SU-2018:4212-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.3|openSUSELeap15\\.0)\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4212-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00053.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'keepalived'\n package(s) announced via the openSUSE-SU-2018:4212-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for keepalived to version 2.0.10 fixes the following issues:\n\n Security issues fixed (bsc#1015141):\n\n - CVE-2018-19044: Fixed a check for pathnames with symlinks when writing\n data to a temporary file upon a call to PrintData or PrintStats\n\n - CVE-2018-19045: Fixed mode when creating new temporary files upon a call\n to PrintData or PrintStats\n\n - CVE-2018-19046: Fixed a check for existing plain files when writing data\n to a temporary file upon a call to PrintData or PrintStats\n\n Non-security issues fixed:\n\n - Replace references to /var/adm/fillup-templates with new %_fillupdir\n macro (boo#1069468)\n\n - Use getaddrinfo instead of gethostbyname to workaround glibc\n gethostbyname function buffer overflow (bsc#949238)\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1575=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1575=1\n\n - openSUSE Backports SLE-15:\n\n zypper in -t patch openSUSE-2018-1575=1\");\n\n script_tag(name:\"affected\", value:\"keepalived on openSUSE Leap 42.3, openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"keepalived\", rpm:\"keepalived~2.0.10~7.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived-debuginfo\", rpm:\"keepalived-debuginfo~2.0.10~7.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived-debugsource\", rpm:\"keepalived-debugsource~2.0.10~7.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"keepalived\", rpm:\"keepalived~2.0.10~lp150.3.4.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived-debuginfo\", rpm:\"keepalived-debuginfo~2.0.10~lp150.3.4.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived-debugsource\", rpm:\"keepalived-debugsource~2.0.10~lp150.3.4.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-17T16:57:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19115", "CVE-2018-19044"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-16T00:00:00", "published": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201493", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201493", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2020-1493)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1493\");\n script_version(\"2020-04-16T05:58:32+0000\");\n script_cve_id(\"CVE-2018-19044\", \"CVE-2018-19115\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:58:32 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:58:32 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2020-1493)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1493\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1493\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'keepalived' package(s) announced via the EulerOS-SA-2020-1493 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044)\n\nkeepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.(CVE-2018-19115)\");\n\n script_tag(name:\"affected\", value:\"'keepalived' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived\", rpm:\"keepalived~1.3.5~6.h126.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19115", "CVE-2018-19045"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191770", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2019-1770)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1770\");\n script_version(\"2020-01-23T12:21:58+0000\");\n script_cve_id(\"CVE-2018-19045\", \"CVE-2018-19115\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:21:58 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:21:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2019-1770)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1770\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1770\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'keepalived' package(s) announced via the EulerOS-SA-2019-1770 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Heap-based buffer overflow vulnerability in extract_status_code() function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary code on keepalived load balancer.(CVE-2018-19115)\n\nkeepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.(CVE-2018-19045)\");\n\n script_tag(name:\"affected\", value:\"'keepalived' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived\", rpm:\"keepalived~2.0.6~46.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-03T17:02:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19046", "CVE-2018-19044"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-01T00:00:00", "published": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562311220201357", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201357", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2020-1357)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1357\");\n script_version(\"2020-04-01T13:54:46+0000\");\n script_cve_id(\"CVE-2018-19044\", \"CVE-2018-19046\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 13:54:46 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-01 13:54:46 +0000 (Wed, 01 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2020-1357)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1357\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1357\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'keepalived' package(s) announced via the EulerOS-SA-2020-1357 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044)\n\nkeepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.(CVE-2018-19046)\");\n\n script_tag(name:\"affected\", value:\"'keepalived' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived\", rpm:\"keepalived~2.0.6~71.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-02-26T20:50:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19044"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-25T00:00:00", "published": "2020-02-25T00:00:00", "id": "OPENVAS:1361412562311220201157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201157", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2020-1157)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1157\");\n script_version(\"2020-02-25T13:57:19+0000\");\n script_cve_id(\"CVE-2018-19044\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-25 13:57:19 +0000 (Tue, 25 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:57:19 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2020-1157)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1157\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1157\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'keepalived' package(s) announced via the EulerOS-SA-2020-1157 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044)\");\n\n script_tag(name:\"affected\", value:\"'keepalived' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived\", rpm:\"keepalived~2.0.6~70.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-05-06T01:04:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19044"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-30T00:00:00", "published": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562311220201561", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201561", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2020-1561)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1561\");\n script_version(\"2020-04-30T12:13:43+0000\");\n script_cve_id(\"CVE-2018-19044\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 12:13:43 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 12:13:43 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2020-1561)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1561\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1561\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'keepalived' package(s) announced via the EulerOS-SA-2020-1561 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044)\");\n\n script_tag(name:\"affected\", value:\"'keepalived' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived\", rpm:\"keepalived~1.3.5~6.h126\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19044"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192692", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192692", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2019-2692)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2692\");\n script_version(\"2020-01-23T13:14:13+0000\");\n script_cve_id(\"CVE-2018-19044\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:14:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:14:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2019-2692)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2692\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2692\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'keepalived' package(s) announced via the EulerOS-SA-2019-2692 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044)\");\n\n script_tag(name:\"affected\", value:\"'keepalived' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived\", rpm:\"keepalived~1.3.5~6.h126.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19115"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191710", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191710", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2019-1710)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1710\");\n script_version(\"2020-01-23T12:20:33+0000\");\n script_cve_id(\"CVE-2018-19115\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:20:33 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:20:33 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2019-1710)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1710\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1710\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'keepalived' package(s) announced via the EulerOS-SA-2019-1710 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Heap-based buffer overflow vulnerability in extract_status_code() function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary code on keepalived load balancer.(CVE-2018-19115)\");\n\n script_tag(name:\"affected\", value:\"'keepalived' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"keepalived\", rpm:\"keepalived~1.3.5~6.h115\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-05T01:41:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19115"], "description": "The remote host is missing an update for the ", "modified": "2019-05-31T00:00:00", "published": "2019-05-29T00:00:00", "id": "OPENVAS:1361412562310844024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844024", "type": "openvas", "title": "Ubuntu Update for keepalived USN-3995-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844024\");\n script_version(\"2019-05-31T13:18:49+0000\");\n script_cve_id(\"CVE-2018-19115\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-31 13:18:49 +0000 (Fri, 31 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-29 02:00:28 +0000 (Wed, 29 May 2019)\");\n script_name(\"Ubuntu Update for keepalived USN-3995-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU18\\.10|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3995-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3995-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'keepalived'\n package(s) announced via the USN-3995-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Keepalived incorrectly handled certain HTTP status\nresponse codes. A remote attacker could use this issue to cause Keepalived\nto crash, resulting in a denial of service, or possibly execute arbitrary\ncode.\");\n\n script_tag(name:\"affected\", value:\"'keepalived' package(s) on Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"keepalived\", ver:\"1:1.3.9-1ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"keepalived\", ver:\"1:1.3.9-1ubuntu1.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"keepalived\", ver:\"1:1.2.24-1ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-12-21T15:48:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19046", "CVE-2018-19045", "CVE-2018-19044"], "description": "This update for keepalived to version 2.0.10 fixes the following issues:\n\n Security issues fixed (bsc#1015141):\n\n - CVE-2018-19044: Fixed a check for pathnames with symlinks when writing\n data to a temporary file upon a call to PrintData or PrintStats\n - CVE-2018-19045: Fixed mode when creating new temporary files upon a call\n to PrintData or PrintStats\n - CVE-2018-19046: Fixed a check for existing plain files when writing data\n to a temporary file upon a call to PrintData or PrintStats\n\n Non-security issues fixed:\n\n - Replace references to /var/adm/fillup-templates with new %_fillupdir\n macro (boo#1069468)\n - Use getaddrinfo instead of gethostbyname to workaround glibc\n gethostbyname function buffer overflow (bsc#949238)\n\n For the full list of changes refer to:\n <a rel=\"nofollow\" href=\"http://www.keepalived.org/changelog.html\">http://www.keepalived.org/changelog.html</a>\n\n", "edition": 1, "modified": "2018-12-21T12:08:57", "published": "2018-12-21T12:08:57", "id": "OPENSUSE-SU-2018:4212-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00053.html", "title": "Security update for keepalived (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-21T15:48:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19046", "CVE-2018-19045", "CVE-2018-19044"], "description": "This update for keepalived to version 2.0.10 fixes the following issues:\n\n Security issues fixed (bsc#1015141):\n\n - CVE-2018-19044: Fixed a check for pathnames with symlinks when writing\n data to a temporary file upon a call to PrintData or PrintStats\n - CVE-2018-19045: Fixed mode when creating new temporary files upon a call\n to PrintData or PrintStats\n - CVE-2018-19046: Fixed a check for existing plain files when writing data\n to a temporary file upon a call to PrintData or PrintStats\n\n Non-security issues fixed:\n\n - Replace references to /var/adm/fillup-templates with new %_fillupdir\n macro (boo#1069468)\n - Use getaddrinfo instead of gethostbyname to workaround glibc\n gethostbyname function buffer overflow (bsc#949238)\n\n For the full list of changes refer to:\n <a rel=\"nofollow\" href=\"http://www.keepalived.org/changelog.html\">http://www.keepalived.org/changelog.html</a>\n\n", "edition": 1, "modified": "2018-12-21T12:09:48", "published": "2018-12-21T12:09:48", "id": "OPENSUSE-SU-2018:4213-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00054.html", "title": "Security update for keepalived (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "amazon": [{"lastseen": "2020-11-10T12:37:35", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19044"], "description": "**Issue Overview:**\n\nkeepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.([CVE-2018-19044 __](<https://access.redhat.com/security/cve/CVE-2018-19044>))\n\n \n**Affected Packages:** \n\n\nkeepalived\n\n \n**Issue Correction:** \nRun _yum update keepalived_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n keepalived-1.3.5-16.amzn2.aarch64 \n keepalived-debuginfo-1.3.5-16.amzn2.aarch64 \n \n i686: \n keepalived-1.3.5-16.amzn2.i686 \n keepalived-debuginfo-1.3.5-16.amzn2.i686 \n \n src: \n keepalived-1.3.5-16.amzn2.src \n \n x86_64: \n keepalived-1.3.5-16.amzn2.x86_64 \n keepalived-debuginfo-1.3.5-16.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-10-21T18:01:00", "published": "2019-10-21T18:01:00", "id": "ALAS2-2019-1323", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1323.html", "title": "Medium: keepalived", "type": "amazon", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19044"], "description": "**Issue Overview:**\n\nkeepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. ([CVE-2018-19044 __](<https://access.redhat.com/security/cve/CVE-2018-19044>) )\n\n \n**Affected Packages:** \n\n\nkeepalived\n\n \n**Issue Correction:** \nRun _yum update keepalived_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n keepalived-debuginfo-1.2.13-8.5.amzn1.i686 \n keepalived-1.2.13-8.5.amzn1.i686 \n \n src: \n keepalived-1.2.13-8.5.amzn1.src \n \n x86_64: \n keepalived-debuginfo-1.2.13-8.5.amzn1.x86_64 \n keepalived-1.2.13-8.5.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2020-08-10T22:53:00", "published": "2020-08-10T22:53:00", "id": "ALAS-2020-1414", "href": "https://alas.aws.amazon.com/ALAS-2020-1414.html", "title": "Medium: keepalived", "type": "amazon", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-11-10T12:36:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19115"], "description": "**Issue Overview:**\n\nHeap-based buffer overflow vulnerability in extract_status_code() function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary code on keepalived load balancer.([CVE-2018-19115 __](<https://access.redhat.com/security/cve/CVE-2018-19115>))\n\n \n**Affected Packages:** \n\n\nkeepalived\n\n \n**Issue Correction:** \nRun _yum update keepalived_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n keepalived-1.3.5-8.amzn2.aarch64 \n keepalived-debuginfo-1.3.5-8.amzn2.aarch64 \n \n i686: \n keepalived-1.3.5-8.amzn2.i686 \n keepalived-debuginfo-1.3.5-8.amzn2.i686 \n \n src: \n keepalived-1.3.5-8.amzn2.src \n \n x86_64: \n keepalived-1.3.5-8.amzn2.x86_64 \n keepalived-debuginfo-1.3.5-8.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-01-23T23:30:00", "published": "2019-01-23T23:30:00", "id": "ALAS2-2019-1154", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1154.html", "title": "Important: keepalived", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-15T00:45:11", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19044"], "description": "The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.\n\nSecurity Fix(es):\n\n* keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2019-08-06T13:43:32", "published": "2019-08-06T12:21:21", "id": "RHSA-2019:2285", "href": "https://access.redhat.com/errata/RHSA-2019:2285", "type": "redhat", "title": "(RHSA-2019:2285) Moderate: keepalived security and bug fix update", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19115"], "description": "The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.\n\nSecurity Fix(es):\n\n* keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution (CVE-2018-19115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-30T12:51:31", "published": "2019-07-30T12:22:58", "id": "RHSA-2019:1945", "href": "https://access.redhat.com/errata/RHSA-2019:1945", "type": "redhat", "title": "(RHSA-2019:1945) Important: keepalived security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:23", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19115"], "description": "The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.\n\nSecurity Fix(es):\n\n* keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution (CVE-2018-19115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-16T16:12:42", "published": "2019-07-16T15:50:57", "id": "RHSA-2019:1792", "href": "https://access.redhat.com/errata/RHSA-2019:1792", "type": "redhat", "title": "(RHSA-2019:1792) Important: keepalived security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19115"], "description": "The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.\n\nSecurity Fix(es):\n\n* keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution (CVE-2018-19115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-01-04T01:50:26", "published": "2019-01-04T01:48:42", "id": "RHSA-2019:0022", "href": "https://access.redhat.com/errata/RHSA-2019:0022", "type": "redhat", "title": "(RHSA-2019:0022) Important: keepalived security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-08-14T08:37:59", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19044"], "description": "[1.3.5-16]\n- Rework previous misc_script/vrrp_script patch (#1667292)\n[1.3.5-15]\n- Rework previous checker comparison patch (#1715308)\n[1.3.5-14]\n- Make checker variables non global (#1715308)\n[1.3.5-13]\n- Fix comparison of checkers on reload (#1715308)\n[1.3.5-12]\n- Fix build errors (#1678480)\n[1.3.5-11]\n- Fix problems with health checks & real servers after reload/restart (#1678480)\n[1.3.5-10]\n- Fix vrrp_script and check_misc scripts of type '\n[1.3.5-9]\n- Fix improper pathname validation (#1654301)", "edition": 1, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "ELSA-2019-2285", "href": "http://linux.oracle.com/errata/ELSA-2019-2285.html", "title": "keepalived security and bug fix update", "type": "oraclelinux", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19115"], "description": "[1.3.5-8]\n- Fixed patch that was incorrectly removed (#1652694)\n[1.3.5-7]\n- Fix buffer overflow when parsing HTTP status codes (#1652694)", "edition": 4, "modified": "2019-01-04T00:00:00", "published": "2019-01-04T00:00:00", "id": "ELSA-2019-0022", "href": "http://linux.oracle.com/errata/ELSA-2019-0022.html", "title": "keepalived security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:29:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19044"], "description": "**CentOS Errata and Security Advisory** CESA-2019:2285\n\n\nThe keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.\n\nSecurity Fix(es):\n\n* keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/005928.html\n\n**Affected packages:**\nkeepalived\n\n**Upstream details at:**\n", "edition": 2, "modified": "2019-08-30T03:09:17", "published": "2019-08-30T03:09:17", "id": "CESA-2019:2285", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2019-August/005928.html", "title": "keepalived security update", "type": "centos", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-08T03:38:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19115"], "description": "**CentOS Errata and Security Advisory** CESA-2019:0022\n\n\nThe keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.\n\nSecurity Fix(es):\n\n* keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution (CVE-2018-19115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-January/035178.html\n\n**Affected packages:**\nkeepalived\n\n**Upstream details at:**\n", "edition": 5, "modified": "2019-01-06T12:09:18", "published": "2019-01-06T12:09:18", "id": "CESA-2019:0022", "href": "http://lists.centos.org/pipermail/centos-announce/2019-January/035178.html", "title": "keepalived security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T00:52:29", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19115"], "description": "Package : icecast2\nVersion : 1:1.2.13-1+deb8u1\nCVE ID : CVE-2018-19115\nDebian Bug : 914393\n\n\nkeepalived has a heap-based buffer overflow when parsing HTTP status\ncodes resulting in DoS or possibly unspecified other impact, because\nextract_status_code in lib/html.c has no validation of the status code\nand instead writes an unlimited amount of data to the heap.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n1:1.2.13-1+deb8u1.\n\nWe recommend that you upgrade your keepalived packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2018-11-26T14:05:42", "published": "2018-11-26T14:05:42", "id": "DEBIAN:DLA-1589-1:A7ECF", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00034.html", "title": "[SECURITY] [DLA-1589-1] keepalived security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19115"], "description": "USN-3995-1 fixed a vulnerability in keepalived. This update provides \nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that Keepalived incorrectly handled certain HTTP status \nresponse codes. A remote attacker could use this issue to cause Keepalived \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode.", "edition": 3, "modified": "2019-05-28T00:00:00", "published": "2019-05-28T00:00:00", "id": "USN-3995-2", "href": "https://ubuntu.com/security/notices/USN-3995-2", "title": "Keepalived vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:37:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19115"], "description": "It was discovered that Keepalived incorrectly handled certain HTTP status \nresponse codes. A remote attacker could use this issue to cause Keepalived \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode.", "edition": 3, "modified": "2019-05-28T00:00:00", "published": "2019-05-28T00:00:00", "id": "USN-3995-1", "href": "https://ubuntu.com/security/notices/USN-3995-1", "title": "Keepalived vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
