Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-19044

Опубликовано: 08 нояб. 2018
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 3.3
CVSS3: 4.7

Описание

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

not-affected

1:2.0.10-1
disco

not-affected

1:2.0.10-1
eoan

not-affected

1:2.0.10-1
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

needed

esm-infra/focal

not-affected

1:2.0.10-1
esm-infra/xenial

not-affected

code not present
focal

not-affected

1:2.0.10-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 26%
0.00088
Низкий

3.3 Low

CVSS2

4.7 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-19044

CVSS3: 7
redhat
почти 7 лет назад

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

nvd логотип

CVE-2018-19044

CVSS3: 4.7
nvd
почти 7 лет назад

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

debian логотип

CVE-2018-19044

CVSS3: 4.7
debian
почти 7 лет назад

keepalived 2.0.8 didn't check for pathnames with symlinks when writing ...

github логотип

GHSA-2357-m5j6-6jv3

CVSS3: 4.7
github
больше 3 лет назад

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

oracle-oval логотип

ELSA-2019-2285

oracle-oval
около 6 лет назад

ELSA-2019-2285: keepalived security and bug fix update (MODERATE)

EPSS

Процентиль: 26%
0.00088
Низкий

3.3 Low

CVSS2

4.7 Medium

CVSS3