keepalived 2.0.8 didn’t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.
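The failure mode described above, as an added example in C (not keepalived's own code and not its actual fix): a plain truncate-and-write open reuses a file that already exists and leaves its permissions unchanged, while `O_CREAT | O_EXCL` with mode 0600 refuses it. The function names and the scratch directory are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: write to whatever already sits at path. */
static FILE *open_dump_unsafe(const char *path) { return fopen(path, "w"); }

/* Hardened form: create the file ourselves, owner-only, or fail.
 * O_EXCL refuses any existing entry (symlinks included). */
static FILE *open_dump_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return NULL;        /* errno is EEXIST if the name was taken */
    FILE *fp = fdopen(fd, "w");
    if (!fp) close(fd);
    return fp;
}

/* Permission bits of path, or -1 if it cannot be examined. */
static int mode_of(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Constructed setup: a world-readable file already present at path. */
static int plant_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    return (fd < 0 || fchmod(fd, 0666) != 0 || close(fd) != 0) ? -1 : 0;
}

int main(void)
{
    char dir[] = "/tmp/dumpdemo.XXXXXX", path[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(path, sizeof path, "%s/keepalived.data", dir);
    if (plant_file(path) != 0) return 1;
    FILE *u = open_dump_unsafe(path);
    if (u) fclose(u);
    printf("unsafe open succeeded, file mode stays %o\n", mode_of(path));
    printf("safe open on existing file: %s\n", open_dump_safe(path) ? "opened" : "refused");
    unlink(path); rmdir(dir);
    return 0;
}
```

Exclusive creation only closes the pre-existing-file case; writing such dumps to a directory that only the daemon's user can write to removes the shared-namespace problem altogether.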
CPE

Name | Operator | Version |
---|---|---|
keepalived | eq | 1.2.24 |
keepalived | eq | 1.2.18 |
keepalived | eq | 2.0.7 |
keepalived | eq | 1.2.5 |
keepalived | eq | 1.2.2 |
keepalived | eq | 0.4.9 |
keepalived | eq | 1.3.6 |
keepalived | eq | 1.4.1 |
keepalived | eq | 1.2.14 |
keepalived | eq | 1.0.0 |