keepalived 2.0.8 didn’t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.
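
The write pattern described above next to a hardened variant, as an added example (not keepalived's code or its patch). `dump_unsafe`, `dump_safe` and `victim_survives` are hypothetical names, and the scenario is constructed inside a private `mkdtemp()` directory with a stand-in `victim` file in place of `/etc/passwd`.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: fopen("w") follows a symlink at path and truncates its target. */
static int dump_unsafe(const char *path, const char *data) {
    FILE *fp = fopen(path, "w");
    if (!fp) return -1;
    fputs(data, fp);
    return fclose(fp) == 0 ? 0 : -1;
}

/* Hardened pattern: never follow a final-component symlink, and truncate only
 * after confirming a regular, singly linked file owned by this process. */
static int dump_safe(const char *path, const char *data) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;                      /* ELOOP when path is a symlink */
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1 &&
             st.st_uid == geteuid() && ftruncate(fd, 0) == 0 &&
             write(fd, data, strlen(data)) == (ssize_t)strlen(data);
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Constructed scenario in a private mkdtemp() directory: "victim" stands in for a
 * sensitive file. Returns 1 if victim keeps its content after the writer ran. */
static int victim_survives(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", victim[64], dump[64], buf[32] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(dump, sizeof dump, "%s/keepalived.data", dir);
    dump_unsafe(victim, "original\n");          /* plain file, no symlink yet */
    if (symlink(victim, dump) != 0) return -1;  /* dump path now points at victim */
    writer(dump, "VRRP dump\n");
    FILE *fp = fopen(victim, "r");
    if (fp) { if (!fgets(buf, sizeof buf, fp)) buf[0] = '\0'; fclose(fp); }
    unlink(dump); unlink(victim); rmdir(dir);
    return strcmp(buf, "original\n") == 0;
}

int main(void) {
    printf("fopen(\"w\"): victim intact = %d\n", victim_survives(dump_unsafe));
    printf("O_NOFOLLOW:  victim intact = %d\n", victim_survives(dump_safe));
    return 0;
}
```

`O_NOFOLLOW` makes the open fail regardless of the `fs.protected_symlinks` setting, but it only covers the final path component, so the parent directory must not be attacker-writable either.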

CPE

Name | Operator | Version |
---|---|---|
keepalived | eq | 1.2.24 |
keepalived | eq | 1.2.18 |
keepalived | eq | 2.0.7 |
keepalived | eq | 1.2.5 |
keepalived | eq | 1.2.2 |
keepalived | eq | 0.4.9 |
keepalived | eq | 1.3.6 |
keepalived | eq | 1.4.1 |
keepalived | eq | 1.2.14 |
keepalived | eq | 1.0.0 |