Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-19046

Опубликовано: 08 нояб. 2018
Источник: ubuntu
Приоритет: low
CVSS2: 1.9
CVSS3: 4.7

Описание

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

not-affected

1:2.0.10-1
disco

not-affected

1:2.0.10-1
eoan

not-affected

1:2.0.10-1
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

needed

esm-infra/focal

not-affected

1:2.0.10-1
esm-infra/xenial

not-affected

code not present
focal

not-affected

1:2.0.10-1

Показывать по

Ссылки на источники

1.9 Low

CVSS2

4.7 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-19046

CVSS3: 7.1
redhat
около 7 лет назад

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.

nvd логотип

CVE-2018-19046

CVSS3: 4.7
nvd
около 7 лет назад

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.

debian логотип

CVE-2018-19046

CVSS3: 4.7
debian
около 7 лет назад

keepalived 2.0.8 didn't check for existing plain files when writing da ...

github логотип

GHSA-fjwx-29fr-83hw

CVSS3: 4.7
github
больше 3 лет назад

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.

fstec логотип

BDU:2020-05642

CVSS3: 4.7
fstec
больше 7 лет назад

Уязвимость реализации вызовов PrintData или PrintStats системы балансировки сетевого трафика Keepalived, позволяющая нарушителю получить доступ к защищаемой информации

1.9 Low

CVSS2

4.7 Medium

CVSS3