20 matches found
MiracleLinux 7 : keepalived-1.3.5-16.el7 (AXSA:2019-4318:03)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-4318:03 advisory. keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks CVE-2018-19044 Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2018-19044
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users...
Oracle Linux 7 : keepalived (ELSA-2019-2285)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-2285 advisory. 1.3.5-16 - Rework previous miscscript/vrrpscript patch 1667292 1.3.5-15 - Rework previous checker comparison patch 1715308 1.3.5-14 - Make checker variables non...
Mageia: Security Advisory (MGASA-2018-0494)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : keepalived (EulerOS-SA-2020-2123)
According to the version of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This...
EulerOS Virtualization for ARM 64 3.0.2.0 : keepalived (EulerOS-SA-2020-1561)
According to the version of the keepalived package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintDa...
Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2019-2692)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.05 / MAIN 5.05 : keepalived Vulnerability (NS-SA-2019-0240)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has keepalived packages installed that are affected by a vulnerability: - keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed loca...
EulerOS 2.0 SP5 : keepalived (EulerOS-SA-2019-2692)
According to the version of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This...
NewStart CGSL CORE 5.04 / MAIN 5.04 : keepalived Vulnerability (NS-SA-2019-0219)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has keepalived packages installed that are affected by a vulnerability: - keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed loca...
Medium: keepalived
Issue Overview: keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data...
Scientific Linux Security Update : keepalived on SL7.x x86_64 (20190806)
Security Fixes : - keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks CVE-2018-19044 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid128225; scriptversion"1.6";...
openSUSE Security Update : keepalived (openSUSE-2019-1008)
This update for keepalived to version 2.0.10 fixes the following issues : Security issues fixed bsc1015141 : - CVE-2018-19044: Fixed a check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats - CVE-2018-19045: Fixed mode when creating new...
Photon OS 1.0: Keepalived PHSA-2019-1.0-0212
An update of the keepalived package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0212. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Fedora 29 : keepalived (2018-3fbc181b3e)
Security fix for CVE-2018-19044, CVE-2018-19045, CVE-2018-19046, CVE-2018-19115 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
openSUSE Security Update : keepalived (openSUSE-2018-1575)
This update for keepalived to version 2.0.10 fixes the following issues : Security issues fixed bsc1015141 : - CVE-2018-19044: Fixed a check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats - CVE-2018-19045: Fixed mode when creating new...
openSUSE: Security Advisory for keepalived (openSUSE-SU-2018:4212-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for keepalived (moderate)
This update for keepalived to version 2.0.10 fixes the following issues: Security issues fixed bsc1015141: - CVE-2018-19044: Fixed a check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats - CVE-2018-19045: Fixed mode when creating new...
CVE-2018-19044
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or...
CVE-2018-19044
CVE-2018-19044 applies to keepalived 2.0.8, where improper pathname validation allows local users to overwrite arbitrary files via symlinks when writing to a temporary file (examples: /tmp/keepalived.data or /tmp/keepalived.stats symlinked to /etc/passwd) if fs.protected_symlinks is 0. Connected ...