Vulnerability Name:

CVE-2018-19044 (CCN-152793)

Assigned: 2018-11-08
Published: 2018-11-08
Updated: 2019-08-06
Summary: keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

CVSS v3 Severity: 4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)
4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None

7.0 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High

CVSS v2 Severity: 3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None

Vulnerability Type: CWE-59
Vulnerability Consequences: File Manipulation

References:
Source: MITRE
Type: CNA
CVE-2018-19044

Source: CCN
Type: keepalived Web site
keepalived

Source: REDHAT
Type: UNKNOWN
RHSA-2019:2285

Source: CCN
Type: Bugzilla – Bug 1015141
(CVE-2018-19044) VUL-0: CVE-2018-19044,CVE-2018-19045,CVE-2018-19046, CVE-2018-19115: keepalived: dbus support in keepalived

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1015141

Source: XF
Type: UNKNOWN
keepalived-cve201819044-symlink(152793)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306

Source: MISC
Type: Exploit, Patch, Third Party Advisory
https://github.com/acassen/keepalived/issues/1048

Source: GENTOO
Type: Third Party Advisory
GLSA-201903-01

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:keepalived:keepalived:2.0.8:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:keepalived:keepalived:2.0.8:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201819044 | V | CVE-2018-19044 | 2022-06-30
oval:org.opensuse.security:def:112504 | P | keepalived-2.2.2-4.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:4238 | P | Security update for ImageMagick (Moderate) | 2021-12-10
oval:org.opensuse.security:def:4225 | P | Security update for libqt5-qtsvg (Moderate) | 2021-10-12
oval:org.opensuse.security:def:105997 | P | keepalived-2.2.2-4.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:5122 | P | Security update for hivex (Moderate) | 2021-09-23
oval:org.opensuse.security:def:4280 | P | Security update for crmsh (Important) | 2021-09-16
oval:org.opensuse.security:def:4217 | P | Security update for wireshark (Moderate) | 2021-09-13
oval:org.opensuse.security:def:5100 | P | Security update for mysql-connector-java (Moderate) | 2021-08-30
oval:org.opensuse.security:def:4458 | P | Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP5) (Important) | 2021-07-27
oval:org.opensuse.security:def:4454 | P | Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP5) (Important) | 2021-07-27
oval:org.opensuse.security:def:4462 | P | Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP5) (Important) | 2021-07-27
oval:org.opensuse.security:def:4447 | P | Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP5) (Important) | 2021-07-22
oval:org.opensuse.security:def:69490 | P | Security update for caribou (Important) | 2021-06-17
oval:org.opensuse.security:def:4421 | P | Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP5) (Important) | 2021-05-25
oval:org.opensuse.security:def:4401 | P | Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP5) (Important) | 2021-04-28
oval:org.opensuse.security:def:69595 | P | Security update for python-Jinja2 (Important) | 2021-02-26
oval:org.opensuse.security:def:4324 | P | Security update for the Linux Kernel (Live Patch 16 for SLE 15) (Important) | 2020-12-02
oval:org.opensuse.security:def:4312 | P | Security update for the Linux Kernel (Important) | 2020-12-02
oval:org.opensuse.security:def:4340 | P | Security update for the Linux Kernel (Live Patch 16 for SLE 15) (Important) | 2020-12-02
oval:org.opensuse.security:def:25058 | P | Security update for gdb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25266 | P | Security update for python3 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66259 | P | Security update for keepalived (Important) | 2020-12-01
oval:org.opensuse.security:def:26394 | P | Security update for chromium (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25698 | P | Security update for dpdk (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25407 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:72948 | P | Security update for keepalived (Important) | 2020-12-01
oval:org.opensuse.security:def:25756 | P | Security update for python, python-base, python-doc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25610 | P | Security update for libxml2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24994 | P | Security update for python3 (Important) | 2020-12-01
oval:org.opensuse.security:def:25185 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:26429 | P | Security update for keepalived (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25323 | P | Security update for libproxy (Important) | 2020-12-01
oval:org.opensuse.security:def:66167 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:25712 | P | Security update for python36 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25557 | P | Security update for transfig (Low) | 2020-12-01
oval:org.opensuse.security:def:24983 | P | Security update for spamassassin (Important) | 2020-12-01
oval:org.opensuse.security:def:72830 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:91866 | P | Security update for keepalived (Important) | 2020-03-24
oval:org.opensuse.security:def:98816 | P | Security update for keepalived (Important) | 2020-03-24
oval:com.redhat.rhsa:def:20192285 | P | RHSA-2019:2285: keepalived security and bug fix update (Moderate) | 2019-08-06
oval:com.ubuntu.xenial:def:2018190440000000 | V | CVE-2018-19044 on Ubuntu 16.04 LTS (xenial) - low. | 2018-11-08
oval:com.ubuntu.bionic:def:201819044000 | V | CVE-2018-19044 on Ubuntu 18.04 LTS (bionic) - low. | 2018-11-08
oval:com.ubuntu.disco:def:2018190440000000 | V | CVE-2018-19044 on Ubuntu 19.04 (disco) - low. | 2018-11-08
oval:com.ubuntu.cosmic:def:201819044000 | V | CVE-2018-19044 on Ubuntu 18.10 (cosmic) - low. | 2018-11-08
oval:com.ubuntu.cosmic:def:2018190440000000 | V | CVE-2018-19044 on Ubuntu 18.10 (cosmic) - low. | 2018-11-08
oval:com.ubuntu.trusty:def:201819044000 | V | CVE-2018-19044 on Ubuntu 14.04 LTS (trusty) - low. | 2018-11-08
oval:com.ubuntu.bionic:def:2018190440000000 | V | CVE-2018-19044 on Ubuntu 18.04 LTS (bionic) - low. | 2018-11-08
oval:com.ubuntu.xenial:def:201819044000 | V | CVE-2018-19044 on Ubuntu 16.04 LTS (xenial) - low. | 2018-11-08

keepalived keepalived 2.0.8